diff --git a/README.md b/README.md
index ed9115b12119a0ab589f22f44faf9a7959bb3cea..5cef15bc0b1ef1d7178a93c84af04e8639efbbff 100644
--- a/README.md
+++ b/README.md
@@ -248,7 +248,7 @@ jsonnet -J vendor -m manifests "${1-example.jsonnet}" | xargs -I{} sh -c 'cat {}
# Make sure to remove json files
find manifests -type f ! -name '*.yaml' -delete
-rm kustomization
+rm -f kustomization
```
diff --git a/examples/prometheus-pvc.jsonnet b/examples/prometheus-pvc.jsonnet
index 295364fd0d1b2563b0501df8fa792e767fbffabc..5a5042f6b0df7926b59e566c6498a1036948eacb 100644
--- a/examples/prometheus-pvc.jsonnet
+++ b/examples/prometheus-pvc.jsonnet
@@ -25,7 +25,7 @@ local kp =
// The possible values for a prometheus <duration> are:
// * https://github.com/prometheus/common/blob/c7de230/model/time.go#L178 specifies "^([0-9]+)(y|w|d|h|m|s|ms)$" (years weeks days hours minutes seconds milliseconds)
retention: '30d',
-
+
// Reference info: https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/storage.md
// By default (if the following 'storage.volumeClaimTemplate' isn't created), prometheus will be created with an EmptyDir for the 'prometheus-k8s-db' volume (for the prom tsdb).
// This 'storage.volumeClaimTemplate' causes the following to be automatically created (via dynamic provisioning) for each prometheus pod:
diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml
index 21400f02a99abac304973600a03dbe69f96a64d7..3d7f7e572cbada5c4ec639d1f474a3b9320045fc 100644
--- a/manifests/prometheus-operator-serviceMonitor.yaml
+++ b/manifests/prometheus-operator-serviceMonitor.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.38.1
+ app.kubernetes.io/version: v0.39.0
name: prometheus-operator
namespace: monitoring
spec:
@@ -19,4 +19,4 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.38.1
+ app.kubernetes.io/version: v0.39.0
diff --git a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml
index fc1867415c64447d06cdd997a80ab68eaa9a3a9b..e04eddbbb5321071bdb7fd164f874feeba8d4ecf 100644
--- a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@@ -6,18 +6,6 @@ metadata:
creationTimestamp: null
name: alertmanagers.monitoring.coreos.com
spec:
- additionalPrinterColumns:
- - JSONPath: .spec.version
- description: The version of Alertmanager
- name: Version
- type: string
- - JSONPath: .spec.replicas
- description: The desired replicas number of Alertmanagers
- name: Replicas
- type: integer
- - JSONPath: .metadata.creationTimestamp
- name: Age
- type: date
group: monitoring.coreos.com
names:
kind: Alertmanager
@@ -25,4477 +13,4601 @@ spec:
plural: alertmanagers
singular: alertmanager
scope: Namespaced
- subresources: {}
- validation:
- openAPIV3Schema:
- description: Alertmanager describes an Alertmanager cluster.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: 'Specification of the desired behavior of the Alertmanager
- cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- additionalPeers:
- description: AdditionalPeers allows injecting a set of additional Alertmanagers
- to peer with to form a highly available cluster.
- items:
- type: string
- type: array
- affinity:
- description: If specified, the pod's scheduling constraints.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the affinity expressions specified by this field,
- but it may choose a node that violates one or more of the
- expressions. The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node that meets
- all of the scheduling requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating through
- the elements of this field and adding "weight" to the sum
- if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term matches all
- objects with implicit weight 0 (i.e. it's a no-op). A null
- preferred scheduling term matches no objects (i.e. is also
- a no-op).
+ versions:
+ - additionalPrinterColumns:
+ - description: The version of Alertmanager
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: The desired replicas number of Alertmanagers
+ jsonPath: .spec.replicas
+ name: Replicas
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Alertmanager describes an Alertmanager cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the Alertmanager
+ cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ additionalPeers:
+ description: AdditionalPeers allows injecting a set of additional
+ Alertmanagers to peer with to form a highly available cluster.
+ items:
+ type: string
+ type: array
+ affinity:
+ description: If specified, the pod's scheduling constraints.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
properties:
- preference:
- description: A node selector term, associated with the
- corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
- items:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
- items:
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- weight:
- description: Weight associated with matching the corresponding
- nodeSelectorTerm, in the range 1-100.
- format: int32
- type: integer
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
required:
- - preference
- - weight
+ - nodeSelectorTerms
type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by this
- field are not met at scheduling time, the pod will not be
- scheduled onto the node. If the affinity requirements specified
- by this field cease to be met at some point during pod execution
- (e.g. due to an update), the system may or may not try to
- eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector terms. The
- terms are ORed.
- items:
- description: A null or empty node selector term matches
- no objects. The requirements of them are ANDed. The
- TopologySelectorTerm type implements a subset of the
- NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
items:
- type: string
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
type: array
- required:
- - key
- - operator
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ namespaces:
+ description: namespaces specifies which namespaces
+ the labelSelector applies to (matches against);
+ null or empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies which namespaces the
+ labelSelector applies to (matches against); null or
+ empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
items:
- type: string
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
type: array
- required:
- - key
- - operator
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
type: object
- type: array
- type: object
- type: array
- required:
- - nodeSelectorTerms
- type: object
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules (e.g. co-locate
- this pod in the same node, zone, etc. as some other pod(s)).
+ namespaces:
+ description: namespaces specifies which namespaces
+ the labelSelector applies to (matches against);
+ null or empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies which namespaces the
+ labelSelector applies to (matches against); null or
+ empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ baseImage:
+ description: Base image that is used to deploy pods, without tag.
+ type: string
+ clusterAdvertiseAddress:
+ description: 'ClusterAdvertiseAddress is the explicit address to advertise
+ in cluster. Needs to be provided for non RFC1918 [1] (public) addresses.
+ [1] RFC1918: https://tools.ietf.org/html/rfc1918'
+ type: string
+ configMaps:
+ description: ConfigMaps is a list of ConfigMaps in the same namespace
+ as the Alertmanager object, which shall be mounted into the Alertmanager
+ Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/<configmap-name>.
+ items:
+ type: string
+ type: array
+ configSecret:
+ description: ConfigSecret is the name of a Kubernetes Secret in the
+ same namespace as the Alertmanager object, which contains configuration
+ for this Alertmanager instance. Defaults to 'alertmanager-<alertmanager-name>'
+ The secret is mounted into /etc/alertmanager/config.
+ type: string
+ containers:
+ description: Containers allows injecting additional containers. This
+ is meant to allow adding an authentication proxy to an Alertmanager
+ pod.
+ items:
+ description: A single application container that you want to run
+ within a pod.
properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the affinity expressions specified by this field,
- but it may choose a node that violates one or more of the
- expressions. The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node that meets
- all of the scheduling requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating through
- the elements of this field and adding "weight" to the sum
- if the node has pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most preferred.
+ args:
+ description: 'Arguments to the entrypoint. The docker image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The docker image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred node(s)
+ description: EnvVar represents an environment variable present
+ in a Container.
properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previous defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement is
- a selector that contains values, a key, and
- an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If
- the operator is Exists or DoesNotExist,
- the values array must be empty. This array
- is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value".
- The requirements are ANDed.
- type: object
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
type: object
- namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey matches
- that of any node on which any of the selected pods
- is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the corresponding
- podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by this
- field are not met at scheduling time, the pod will not be
- scheduled onto the node. If the affinity requirements specified
- by this field cease to be met at some point during pod execution
- (e.g. due to a pod label update), the system may or may not
- try to eventually evict the pod from its node. When there
- are multiple elements, the lists of nodes corresponding to
- each podAffinityTerm are intersected, i.e. all terms must
- be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s)) that
- this pod should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is defined as running
- on a node whose value of the label with key <topologyKey>
- matches that of any node on which a pod of the set of pods
- is running
- properties:
- labelSelector:
- description: A label query over a set of resources, in
- this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values
- array must be non-empty. If the operator is
- Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, metadata.labels,
+ metadata.annotations, spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
type: object
- type: object
- namespaces:
- description: namespaces specifies which namespaces the
- labelSelector applies to (matches against); null or
- empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where
- co-located is defined as running on a node whose value
- of the label with key topologyKey matches that of any
- node on which any of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling rules (e.g.
- avoid putting this pod in the same node, zone, etc. as some other
- pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the anti-affinity expressions specified by this
- field, but it may choose a node that violates one or more
- of the expressions. The node that is most preferred is the
- one with the greatest sum of weights, i.e. for each node that
- meets all of the scheduling requirements (resource request,
- requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field
- and adding "weight" to the sum if the node has pods which
- matches the corresponding podAffinityTerm; the node(s) with
- the highest sum are the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement is
- a selector that contains values, a key, and
- an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If
- the operator is Exists or DoesNotExist,
- the values array must be empty. This array
- is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value".
- The requirements are ANDed.
- type: object
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
type: object
- namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey matches
- that of any node on which any of the selected pods
- is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
type: object
- weight:
- description: weight associated with matching the corresponding
- podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
required:
- - podAffinityTerm
- - weight
+ - name
type: object
type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified by
- this field are not met at scheduling time, the pod will not
- be scheduled onto the node. If the anti-affinity requirements
- specified by this field cease to be met at some point during
- pod execution (e.g. due to a pod label update), the system
- may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e. all terms must
- be satisfied.
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s)) that
- this pod should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is defined as running
- on a node whose value of the label with key <topologyKey>
- matches that of any node on which a pod of the set of pods
- is running
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
properties:
- labelSelector:
- description: A label query over a set of resources, in
- this case pods.
+ configMapRef:
+ description: The ConfigMap to select from
properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values
- array must be non-empty. If the operator is
- Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
- type: object
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
type: object
- namespaces:
- description: namespaces specifies which namespaces the
- labelSelector applies to (matches against); null or
- empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where
- co-located is defined as running on a node whose value
- of the label with key topologyKey matches that of any
- node on which any of the selected pods is running. Empty
- topologyKey is not allowed.
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
- required:
- - topologyKey
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
type: object
type: array
- type: object
- type: object
- baseImage:
- description: Base image that is used to deploy pods, without tag.
- type: string
- configMaps:
- description: ConfigMaps is a list of ConfigMaps in the same namespace
- as the Alertmanager object, which shall be mounted into the Alertmanager
- Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/<configmap-name>.
- items:
- type: string
- type: array
- configSecret:
- description: ConfigSecret is the name of a Kubernetes Secret in the
- same namespace as the Alertmanager object, which contains configuration
- for this Alertmanager instance. Defaults to 'alertmanager-<alertmanager-name>'
- The secret is mounted into /etc/alertmanager/config.
- type: string
- containers:
- description: Containers allows injecting additional containers. This
- is meant to allow adding an authentication proxy to an Alertmanager
- pod.
- items:
- description: A single application container that you want to run within
- a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker image''s
- CMD is used if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment. If a variable
- cannot be resolved, the reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can be escaped with a double
- $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot be
- updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ image:
+ description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell. The
- docker image''s ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
- type: array
- env:
- description: List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
properties:
- name:
- description: Name of the environment variable. Must be a
- C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in the
- container and any service environment variables. If a
- variable cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax can be
- escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- key:
- description: The key to select.
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
required:
- - key
+ - port
type: object
- fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, metadata.labels, metadata.annotations,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs.'
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - fieldPath
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The reason for termination is passed
+ to the handler. The Pod''s termination grace period countdown
+ begins before the PreStop hooked is executed. Regardless
+ of the outcome of the handler, the container will eventually
+ terminate within the Pod''s termination grace period.
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
type: object
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- resource:
- description: 'Required: resource to select'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
required:
- - resource
+ - port
type: object
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - key
+ - port
type: object
type: object
- required:
- - name
type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must be a
- C_IDENTIFIER. All invalid keys will be reported as an event
- when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a set of
- ConfigMaps
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- configMapRef:
- description: The ConfigMap to select from
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- optional:
- description: Specify whether the ConfigMap must be defined
- type: boolean
+ required:
+ - port
type: object
- prefix:
- description: An optional identifier to prepend to each key
- in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- optional:
- description: Specify whether the Secret must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system should take in
- response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately after a container
- is created. If the handler fails, the container is terminated
- and restarted according to its restart policy. Other management
- of the container blocks until the hook completes. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Exposing
+ a port here gives the system additional information about
+ the network connections a container uses, but is primarily
+ informational. Not specifying a port here DOES NOT prevent
+ that port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container will be
+ accessible from the network. Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately before a container
- is terminated due to an API request or management event
- such as liveness/startup probe failure, preemption, resource
- contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed to
- the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period. Other
- management of the container blocks until the hook completes
- or until the termination grace period is reached. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated. More
- info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ protocol:
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
+ - containerPort
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL. Each
- container in a pod must have a unique name (DNS_LABEL). Cannot
- be updated.
- type: string
- ports:
- description: List of ports to expose from the container. Exposing
- a port here gives the system additional information about the
- network connections a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from the network.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in a single
- container.
+ type: array
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- containerPort:
- description: Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
format: int32
type: integer
- hostIP:
- description: What host IP to bind the external port to.
- type: string
- hostPort:
- description: Number of port to expose on the host. If specified,
- this must be a valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort. Most containers
- do not need this.
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a pod must
- have a unique name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- readinessProbe:
- description: 'Periodic probe of container service readiness. Container
- will be removed from service endpoints if the probe fails. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ properties:
+ limits:
+ additionalProperties:
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this container. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ securityContext:
+ description: 'Security options the pod should run with. More
+ info: https://kubernetes.io/docs/concepts/policy/security-context/
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled.
type: string
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run with. More info:
- https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a
- process can gain more privileges than its parent process.
- This bool directly controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes in
- privileged containers are essentially equivalent to root
- on the host. Defaults to false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount to use
- for the containers. The default is DefaultProcMount which
- uses the container runtime defaults for readonly paths and
- masked paths. This requires the ProcMountType feature flag
- to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem.
- Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be set
- in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset or false, no
- such validation will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata if
- unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random
- SELinux context for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. This is a beta feature enabled by
+ the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
type: string
+ required:
+ - devicePath
+ - name
type: object
- windowsOptions:
- description: The Windows specific settings applied to all
- containers. If unspecified, the options from the PodSecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named
- by the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the
- GMSA credential spec to use. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence. This field is beta-level and may be
- disabled with the WindowsRunAsUserName feature flag.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed until
- this completes successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed. This can
- be used to provide different probe parameters at the beginning
- of a Pod''s lifecycle, when it might take a long time to load
- data or warm a cache, than during steady-state operation. This
- cannot be updated. This is an alpha feature enabled by the StartupProbe
- feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
+ name:
+ description: This must match the Name of a Volume.
type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
type: string
required:
- - port
+ - mountPath
+ - name
type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ externalUrl:
+ description: The external URL the Alertmanager instances will be available
+ under. This is necessary to generate correct URLs. This is necessary
+ if Alertmanager is not served from root of a DNS name.
+ type: string
+ image:
+ description: Image if specified has precedence over baseImage, tag
+ and sha combinations. Specifying the version is still necessary
+ to ensure the Prometheus Operator knows what version of Alertmanager
+ is being configured.
+ type: string
+ imagePullSecrets:
+ description: An optional list of references to secrets in the same
+ namespace to use for pulling prometheus and alertmanager images
+ from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ initContainers:
+ description: 'InitContainers allows adding initContainers to the pod
+ definition. Those can be used to e.g. fetch secrets for injection
+ into the Alertmanager configuration from external sources. Any errors
+ during the execution of an initContainer will lead to a restart
+ of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ Using initContainers for any use case other then secret fetching
+ is entirely outside the scope of what the maintainers will support
+ and by doing so, you accept that this behaviour may break at any
+ time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The docker image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The docker image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer for
- stdin in the container runtime. If this is not set, reads from
- stdin in the container will always result in EOF. Default is
- false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close the stdin
- channel after it has been opened by a single attach. When stdin
- is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container
- start, is empty until the first client attaches to stdin, and
- then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container processes that
- reads from stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s
- termination message will be written is mounted into the container''s
- filesystem. Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated by the
- node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should be populated.
- File will use the contents of terminationMessagePath to populate
- the container status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate a TTY for
- itself, also requires 'stdin' to be true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices to be
- used by the container. This is a beta feature.
- items:
- description: volumeDevice describes a mapping of a raw block
- device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the container
- that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume within
- a container.
- properties:
- mountPath:
- description: Path within the container at which the volume
- should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts are
- propagated from the host to container and the other way
- around. When not set, MountPropagationNone is used. This
- field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise
- (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which
- the container's volume should be mounted. Behaves similarly
- to SubPath but environment variable references $(VAR_NAME)
- are expanded using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and SubPath are mutually
- exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might be
- configured in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- externalUrl:
- description: The external URL the Alertmanager instances will be available
- under. This is necessary to generate correct URLs. This is necessary
- if Alertmanager is not served from root of a DNS name.
- type: string
- image:
- description: Image if specified has precedence over baseImage, tag and
- sha combinations. Specifying the version is still necessary to ensure
- the Prometheus Operator knows what version of Alertmanager is being
- configured.
- type: string
- imagePullSecrets:
- description: An optional list of references to secrets in the same namespace
- to use for pulling prometheus and alertmanager images from registries
- see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
- items:
- description: LocalObjectReference contains enough information to let
- you locate the referenced object inside the same namespace.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- type: array
- initContainers:
- description: 'InitContainers allows adding initContainers to the pod
- definition. Those can be used to e.g. fetch secrets for injection
- into the Alertmanager configuration from external sources. Any errors
- during the execution of an initContainer will lead to a restart of
- the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- Using initContainers for any use case other then secret fetching is
- entirely outside the scope of what the maintainers will support and
- by doing so, you accept that this behaviour may break at any time
- without notice.'
- items:
- description: A single application container that you want to run within
- a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker image''s
- CMD is used if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment. If a variable
- cannot be resolved, the reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can be escaped with a double
- $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot be
- updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previous defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, metadata.labels,
+ metadata.annotations, spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell. The
- docker image''s ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
- type: array
- env:
- description: List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
properties:
- name:
- description: Name of the environment variable. Must be a
- C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in the
- container and any service environment variables. If a
- variable cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax can be
- escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
properties:
- key:
- description: The key to select.
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
required:
- - key
+ - port
type: object
- fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, metadata.labels, metadata.annotations,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs.'
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - fieldPath
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The reason for termination is passed
+ to the handler. The Pod''s termination grace period countdown
+ begins before the PreStop hooked is executed. Regardless
+ of the outcome of the handler, the container will eventually
+ terminate within the Pod''s termination grace period.
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
type: object
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- resource:
- description: 'Required: resource to select'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
required:
- - resource
+ - port
type: object
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - key
+ - port
type: object
type: object
- required:
- - name
type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must be a
- C_IDENTIFIER. All invalid keys will be reported as an event
- when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a set of
- ConfigMaps
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- configMapRef:
- description: The ConfigMap to select from
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- optional:
- description: Specify whether the ConfigMap must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
type: object
- prefix:
- description: An optional identifier to prepend to each key
- in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- optional:
- description: Specify whether the Secret must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system should take in
- response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately after a container
- is created. If the handler fails, the container is terminated
- and restarted according to its restart policy. Other management
- of the container blocks until the hook completes. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately before a container
- is terminated due to an API request or management event
- such as liveness/startup probe failure, preemption, resource
- contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed to
- the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period. Other
- management of the container blocks until the hook completes
- or until the termination grace period is reached. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated. More
- info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Exposing
+ a port here gives the system additional information about
+ the network connections a container uses, but is primarily
+ informational. Not specifying a port here DOES NOT prevent
+ that port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container will be
+ accessible from the network. Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ protocol:
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
+ - containerPort
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL. Each
- container in a pod must have a unique name (DNS_LABEL). Cannot
- be updated.
- type: string
- ports:
- description: List of ports to expose from the container. Exposing
- a port here gives the system additional information about the
- network connections a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from the network.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in a single
- container.
+ type: array
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- containerPort:
- description: Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
format: int32
type: integer
- hostIP:
- description: What host IP to bind the external port to.
- type: string
- hostPort:
- description: Number of port to expose on the host. If specified,
- this must be a valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort. Most containers
- do not need this.
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a pod must
- have a unique name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- readinessProbe:
- description: 'Periodic probe of container service readiness. Container
- will be removed from service endpoints if the probe fails. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ properties:
+ limits:
+ additionalProperties:
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this container. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ securityContext:
+ description: 'Security options the pod should run with. More
+ info: https://kubernetes.io/docs/concepts/policy/security-context/
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled.
type: string
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run with. More info:
- https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a
- process can gain more privileges than its parent process.
- This bool directly controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes in
- privileged containers are essentially equivalent to root
- on the host. Defaults to false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount to use
- for the containers. The default is DefaultProcMount which
- uses the container runtime defaults for readonly paths and
- masked paths. This requires the ProcMountType feature flag
- to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem.
- Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be set
- in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset or false, no
- such validation will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata if
- unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random
- SELinux context for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. This is a beta feature enabled by
+ the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
type: string
+ required:
+ - devicePath
+ - name
type: object
- windowsOptions:
- description: The Windows specific settings applied to all
- containers. If unspecified, the options from the PodSecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named
- by the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the
- GMSA credential spec to use. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence. This field is beta-level and may be
- disabled with the WindowsRunAsUserName feature flag.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed until
- this completes successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed. This can
- be used to provide different probe parameters at the beginning
- of a Pod''s lifecycle, when it might take a long time to load
- data or warm a cache, than during steady-state operation. This
- cannot be updated. This is an alpha feature enabled by the StartupProbe
- feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ name:
+ description: This must match the Name of a Volume.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
+ - mountPath
+ - name
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ listenLocal:
+ description: ListenLocal makes the Alertmanager server listen on loopback,
+ so that it does not bind against the Pod IP. Note this is only for
+ the Alertmanager UI, not the gossip communication.
+ type: boolean
+ logFormat:
+ description: Log format for Alertmanager to be configured with.
+ type: string
+ logLevel:
+ description: Log level for Alertmanager to be configured with.
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: Define which Nodes the Pods are scheduled on.
+ type: object
+ paused:
+ description: If set to true all actions on the underlaying managed
+ objects are not goint to be performed, except for delete actions.
+ type: boolean
+ podMetadata:
+ description: PodMetadata configures Labels and Annotations which are
+ propagated to the alertmanager pods.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map stored
+ with a resource that may be set by external tools to store and
+ retrieve arbitrary metadata. They are not queryable and should
+ be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
- stdin:
- description: Whether this container should allocate a buffer for
- stdin in the container runtime. If this is not set, reads from
- stdin in the container will always result in EOF. Default is
- false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close the stdin
- channel after it has been opened by a single attach. When stdin
- is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container
- start, is empty until the first client attaches to stdin, and
- then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container processes that
- reads from stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s
- termination message will be written is mounted into the container''s
- filesystem. Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated by the
- node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used to
+ organize and categorize (scope and select) objects. May match
+ selectors of replication controllers and services. More info:
+ http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow a
+ client to request the generation of an appropriate name automatically.
+ Name is primarily intended for creation idempotence and configuration
+ definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should be populated.
- File will use the contents of terminationMessagePath to populate
- the container status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
+ type: object
+ portName:
+ description: Port name used for the pods and governing service. This
+ defaults to web
+ type: string
+ priorityClassName:
+ description: Priority class assigned to the Pods
+ type: string
+ replicas:
+ description: Size is the expected size of the alertmanager cluster.
+ The controller will eventually make the size of the running cluster
+ equal to the expected size.
+ format: int32
+ type: integer
+ resources:
+ description: Define resources requests and limits for single Pods.
+ properties:
+ limits:
+ additionalProperties:
+ type: string
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ retention:
+ description: Time duration Alertmanager shall retain data for. Default
+ is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)`
+ (milliseconds seconds minutes hours).
+ type: string
+ routePrefix:
+ description: The route prefix Alertmanager registers HTTP handlers
+ for. This is useful, if using ExternalURL and a proxy is rewriting
+ HTTP routes of a request, and the actual ExternalURL is still true,
+ but the server serves requests under a different route prefix. For
+ example for use with `kubectl proxy`.
+ type: string
+ secrets:
+ description: Secrets is a list of Secrets in the same namespace as
+ the Alertmanager object, which shall be mounted into the Alertmanager
+ Pods. The Secrets are mounted into /etc/alertmanager/secrets/<secret-name>.
+ items:
+ type: string
+ type: array
+ securityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings. This defaults to the default PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified defaults to "Always".'
type: string
- tty:
- description: Whether this container should allocate a TTY for
- itself, also requires 'stdin' to be true. Default is false.
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices to be
- used by the container. This is a beta feature.
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID. If
+ unspecified, no groups will be added to any container.
items:
- description: volumeDevice describes a mapping of a raw block
- device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the container
- that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
+ format: int64
+ type: integer
type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch.
items:
- description: VolumeMount describes a mounting of a Volume within
- a container.
+ description: Sysctl defines a kernel parameter to be set
properties:
- mountPath:
- description: Path within the container at which the volume
- should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts are
- propagated from the host to container and the other way
- around. When not set, MountPropagationNone is used. This
- field is beta in 1.10.
- type: string
name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise
- (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's root).
+ description: Name of a property to set
type: string
- subPathExpr:
- description: Expanded path within the volume from which
- the container's volume should be mounted. Behaves similarly
- to SubPath but environment variable references $(VAR_NAME)
- are expanded using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and SubPath are mutually
- exclusive.
+ value:
+ description: Value of a property to set
type: string
required:
- - mountPath
- name
+ - value
type: object
type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might be
- configured in the container image. Cannot be updated.
- type: string
- required:
- - name
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
- type: array
- listenLocal:
- description: ListenLocal makes the Alertmanager server listen on loopback,
- so that it does not bind against the Pod IP. Note this is only for
- the Alertmanager UI, not the gossip communication.
- type: boolean
- logFormat:
- description: Log format for Alertmanager to be configured with.
- type: string
- logLevel:
- description: Log level for Alertmanager to be configured with.
- type: string
- nodeSelector:
- additionalProperties:
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to use to run the Prometheus Pods.
type: string
- description: Define which Nodes the Pods are scheduled on.
- type: object
- paused:
- description: If set to true all actions on the underlaying managed objects
- are not goint to be performed, except for delete actions.
- type: boolean
- podMetadata:
- description: PodMetadata configures Labels and Annotations which are
- propagated to the alertmanager pods.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: 'Annotations is an unstructured key value map stored
- with a resource that may be set by external tools to store and
- retrieve arbitrary metadata. They are not queryable and should
- be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
- type: object
- labels:
- additionalProperties:
- type: string
- description: 'Map of string keys and values that can be used to
- organize and categorize (scope and select) objects. May match
- selectors of replication controllers and services. More info:
- http://kubernetes.io/docs/user-guide/labels'
- type: object
- type: object
- portName:
- description: Port name used for the pods and governing service. This
- defaults to web
- type: string
- priorityClassName:
- description: Priority class assigned to the Pods
- type: string
- replicas:
- description: Size is the expected size of the alertmanager cluster.
- The controller will eventually make the size of the running cluster
- equal to the expected size.
- format: int32
- type: integer
- resources:
- description: Define resources requests and limits for single Pods.
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
- type: string
- description: 'Requests describes the minimum amount of compute resources
- required. If Requests is omitted for a container, it defaults
- to Limits if that is explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- retention:
- description: Time duration Alertmanager shall retain data for. Default
- is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)`
- (milliseconds seconds minutes hours).
- type: string
- routePrefix:
- description: The route prefix Alertmanager registers HTTP handlers for.
- This is useful, if using ExternalURL and a proxy is rewriting HTTP
- routes of a request, and the actual ExternalURL is still true, but
- the server serves requests under a different route prefix. For example
- for use with `kubectl proxy`.
- type: string
- secrets:
- description: Secrets is a list of Secrets in the same namespace as the
- Alertmanager object, which shall be mounted into the Alertmanager
- Pods. The Secrets are mounted into /etc/alertmanager/secrets/<secret-name>.
- items:
+ sha:
+ description: SHA of Alertmanager container image to be deployed. Defaults
+ to the value of `version`. Similar to a tag, but the SHA explicitly
+ deploys an immutable container image. Version and Tag are ignored
+ if SHA is set.
type: string
- type: array
- securityContext:
- description: SecurityContext holds pod-level security attributes and
- common container settings. This defaults to the default PodSecurityContext.
- properties:
- fsGroup:
- description: "A special supplemental group that applies to all containers
- in a pod. Some volume types allow the Kubelet to change the ownership
- of that volume to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files created in
- the volume will be owned by FSGroup) 3. The permission bits are
- OR'd with rw-rw---- \n If unset, the Kubelet will not modify the
- ownership and permissions of any volume."
- format: int64
- type: integer
- runAsGroup:
- description: The GID to run the entrypoint of the container process.
- Uses runtime default if unset. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for that container.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail to start
- the container if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If set
- in both SecurityContext and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container process.
- Defaults to user specified in image metadata if unspecified. May
- also be set in SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to all containers.
- If unspecified, the container runtime will allocate a random SELinux
- context for each container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for that container.
- properties:
- level:
- description: Level is SELinux level label that applies to the
- container.
- type: string
- role:
- description: Role is a SELinux role label that applies to the
- container.
- type: string
- type:
- description: Type is a SELinux type label that applies to the
- container.
- type: string
- user:
- description: User is a SELinux user label that applies to the
- container.
- type: string
- type: object
- supplementalGroups:
- description: A list of groups applied to the first process run in
- each container, in addition to the container's primary GID. If
- unspecified, no groups will be added to any container.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls used for
- the pod. Pods with unsupported sysctls (by the container runtime)
- might fail to launch.
- items:
- description: Sysctl defines a kernel parameter to be set
+ storage:
+ description: Storage is the definition of how storage will be used
+ by the Alertmanager instances.
+ properties:
+ disableMountSubPath:
+ description: 'Deprecated: subPath usage will be disabled by default
+ in a future release, this option will become unnecessary. DisableMountSubPath
+ allows to remove any subPath usage in volume mounts.'
+ type: boolean
+ emptyDir:
+ description: 'EmptyDirVolumeSource to be used by the Prometheus
+ StatefulSets. If specified, used in place of any volumeClaimTemplate.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
properties:
- name:
- description: Name of a property to set
+ medium:
+ description: 'What type of storage medium should back this
+ directory. The default is "" which means to use the node''s
+ default medium. Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
- value:
- description: Value of a property to set
+ sizeLimit:
+ description: 'Total amount of local storage required for this
+ EmptyDir volume. The size limit is also applicable for memory
+ medium. The maximum usage on memory medium EmptyDir would
+ be the minimum value between the SizeLimit specified here
+ and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
type: string
- required:
- - name
- - value
type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied to all containers.
- If unspecified, the options within a container's SecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named by
- the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the GMSA
- credential spec to use. This field is alpha-level and is only
- honored by servers that enable the WindowsGMSA feature flag.
- type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint of
- the container process. Defaults to the user specified in image
- metadata if unspecified. May also be set in PodSecurityContext.
- If set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence. This
- field is beta-level and may be disabled with the WindowsRunAsUserName
- feature flag.
- type: string
- type: object
- type: object
- serviceAccountName:
- description: ServiceAccountName is the name of the ServiceAccount to
- use to run the Prometheus Pods.
- type: string
- sha:
- description: SHA of Alertmanager container image to be deployed. Defaults
- to the value of `version`. Similar to a tag, but the SHA explicitly
- deploys an immutable container image. Version and Tag are ignored
- if SHA is set.
- type: string
- storage:
- description: Storage is the definition of how storage will be used by
- the Alertmanager instances.
- properties:
- emptyDir:
- description: 'EmptyDirVolumeSource to be used by the Prometheus
- StatefulSets. If specified, used in place of any volumeClaimTemplate.
- More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
- properties:
- medium:
- description: 'What type of storage medium should back this directory.
- The default is "" which means to use the node''s default medium.
- Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- description: 'Total amount of local storage required for this
- EmptyDir volume. The size limit is also applicable for memory
- medium. The maximum usage on memory medium EmptyDir would
- be the minimum value between the SizeLimit specified here
- and the sum of memory limits of all containers in a pod. The
- default is nil which means that the limit is undefined. More
- info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- type: string
- type: object
- volumeClaimTemplate:
- description: A PVC spec to be used by the Prometheus StatefulSets.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this
- representation of an object. Servers should convert recognized
- schemas to the latest internal value, and may reject unrecognized
- values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource
- this object represents. Servers may infer this from the endpoint
- the client submits requests to. Cannot be updated. In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
- type: object
- spec:
- description: 'Spec defines the desired characteristics of a
- volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- accessModes:
- description: 'AccessModes contains the desired access modes
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- dataSource:
- description: This field requires the VolumeSnapshotDataSource
- alpha feature gate to be enabled and currently VolumeSnapshot
- is the only supported data source. If the provisioner
- can support VolumeSnapshot data source, it will create
- a new volume and data will be restored to the volume at
- the same time. If the provisioner does not support VolumeSnapshot
- data source, volume will not be created and the failure
- will be reported as an event. In the future, we plan to
- support more data source types and the behavior of the
- provisioner may change.
- properties:
- apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified, the
- specified Kind must be in the core API group. For
- any other third-party types, APIGroup is required.
+ volumeClaimTemplate:
+ description: A PVC spec to be used by the Prometheus StatefulSets.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: EmbeddedMetadata contains metadata relevant to
+ an EmbeddedResource.
+ properties:
+ annotations:
+ additionalProperties:
type: string
- kind:
- description: Kind is the type of resource being referenced
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata. They
+ are not queryable and should be preserved when modifying
+ objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
type: string
- name:
- description: Name is the name of resource being referenced
+ description: 'Map of string keys and values that can be
+ used to organize and categorize (scope and select) objects.
+ May match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace.
+ Is required when creating resources, although some resources
+ may allow a client to request the generation of an appropriate
+ name automatically. Name is primarily intended for creation
+ idempotence and configuration definition. Cannot be
+ updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ type: object
+ spec:
+ description: 'Spec defines the desired characteristics of
+ a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- limits:
- additionalProperties:
+ type: array
+ dataSource:
+ description: 'This field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot
+ - Beta) * An existing PVC (PersistentVolumeClaim) *
+ An existing custom resource/object that implements data
+ population (Alpha) In order to use VolumeSnapshot object
+ types, the appropriate feature gate must be enabled
+ (VolumeSnapshotDataSource or AnyVolumeDataSource) If
+ the provisioner or an external controller can support
+ the specified data source, it will create a new volume
+ based on the contents of the specified data source.
+ If the specified data source is not supported, the volume
+ will not be created and the failure will be reported
+ as an event. In the future, we plan to support more
+ data source types and the behavior of the provisioner
+ may change.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
type: string
- description: 'Limits describes the maximum amount of
- compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
+ kind:
+ description: Kind is the type of resource being referenced
type: string
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is omitted
- for a container, it defaults to Limits if that is
- explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- selector:
- description: A label query over volumes to consider for
- binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be empty.
- This array is replaced during a strategic merge
- patch.
- items:
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'Resources represents the minimum resources
+ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ type: string
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider for
+ binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
type: string
- type: array
- required:
- - key
- - operator
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required by the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
+ status:
+ description: 'Status represents the current information/status
+ of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'AccessModes contains the actual access modes
+ the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ capacity:
+ additionalProperties:
+ type: string
+ description: Represents the actual resources of the underlying
+ volume.
+ type: object
+ conditions:
+ description: Current Condition of persistent volume claim.
+ If underlying persistent volume is being resized then
+ the Condition will be set to 'ResizeStarted'.
+ items:
+ description: PersistentVolumeClaimCondition contails
+ details about state of pvc
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned
+ from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: Human-readable message indicating details
+ about last transition.
+ type: string
+ reason:
+ description: Unique, this should be a short, machine
+ understandable string that gives the reason for
+ condition's last transition. If it reports "ResizeStarted"
+ that means the underlying persistent volume is
+ being resized.
+ type: string
+ status:
+ type: string
+ type:
+ description: PersistentVolumeClaimConditionType
+ is a valid value of PersistentVolumeClaimCondition.Type
+ type: string
+ required:
+ - status
+ - type
type: object
- type: object
- storageClassName:
- description: 'Name of the StorageClass required by the claim.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: array
+ phase:
+ description: Phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ type: object
+ type: object
+ type: object
+ tag:
+ description: Tag of Alertmanager container image to be deployed. Defaults
+ to the value of `version`. Version is ignored if Tag is set.
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ version:
+ description: Version the cluster should be on.
+ type: string
+ volumeMounts:
+ description: VolumeMounts allows configuration of additional VolumeMounts
+ on the output StatefulSet definition. VolumeMounts specified will
+ be appended to other VolumeMounts in the alertmanager container,
+ that are generated as a result of StorageSpec objects.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume should
+ be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are propagated
+ from the host to container and the other way around. When
+ not set, MountPropagationNone is used. This field is beta
+ in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which the
+ container's volume should be mounted. Behaves similarly to
+ SubPath but environment variable references $(VAR_NAME) are
+ expanded using the container's environment. Defaults to ""
+ (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes allows configuration of additional volumes on
+ the output StatefulSet definition. Volumes specified will be appended
+ to other volumes that are generated as a result of StorageSpec objects.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify the
+ partition as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the default
+ is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
- volumeMode:
- description: volumeMode defines what type of volume is required
- by the claim. Value of Filesystem is implied when not
- included in claim spec. This is a beta feature.
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read Write.'
type: string
- volumeName:
- description: VolumeName is the binding reference to the
- PersistentVolume backing this claim.
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob disks
+ per storage account Dedicated: single blob disk per storage
+ account Managed: azure managed data disk (only in managed
+ availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure Storage
+ Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
type: string
+ required:
+ - secretName
+ - shareName
type: object
- status:
- description: 'Status represents the current information/status
- of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
properties:
- accessModes:
- description: 'AccessModes contains the actual access modes
- the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ monitors:
+ description: 'Required: Monitors is a collection of Ceph
+ monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
- capacity:
- additionalProperties:
- type: string
- description: Represents the actual resources of the underlying
- volume.
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key ring
+ for User, default is /etc/ceph/user.secret More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the authentication
+ secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name, default
+ is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
type: object
- conditions:
- description: Current Condition of persistent volume claim.
- If underlying persistent volume is being resized then
- the Condition will be set to 'ResizeStarted'.
+ volumeID:
+ description: 'volume id used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in the
+ Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
items:
- description: PersistentVolumeClaimCondition contails details
- about state of pvc
+ description: Maps a string key to a path within a volume.
properties:
- lastProbeTime:
- description: Last time we probed the condition.
- format: date-time
- type: string
- lastTransitionTime:
- description: Last time the condition transitioned
- from one status to another.
- format: date-time
- type: string
- message:
- description: Human-readable message indicating details
- about last transition.
+ key:
+ description: The key to project.
type: string
- reason:
- description: Unique, this should be a short, machine
- understandable string that gives the reason for
- condition's last transition. If it reports "ResizeStarted"
- that means the underlying persistent volume is being
- resized.
- type: string
- status:
- type: string
- type:
- description: PersistentVolumeClaimConditionType is
- a valid value of PersistentVolumeClaimCondition.Type
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map
+ the key to. May not be an absolute path. May not
+ contain the path element '..'. May not start with
+ the string '..'.
type: string
required:
- - status
- - type
+ - key
+ - path
type: object
type: array
- phase:
- description: Phase represents the current phase of PersistentVolumeClaim.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys must
+ be defined
+ type: boolean
type: object
- type: object
- type: object
- tag:
- description: Tag of Alertmanager container image to be deployed. Defaults
- to the value of `version`. Version is ignored if Tag is set.
- type: string
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to tolerates any
- taint that matches the triple <key,value,effect> using the matching
- operator <operator>.
- properties:
- effect:
- description: Effect indicates the taint effect to match. Empty
- means match all taint effects. When specified, allowed values
- are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty, operator
- must be Exists; this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal. Exists
- is equivalent to wildcard for value, so that a pod can tolerate
- all taints of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period of time the
- toleration (which must be of effect NoExecute, otherwise this
- field is ignored) tolerates the taint. By default, it is not
- set, which means tolerate the taint forever (do not evict).
- Zero and negative values will be treated as 0 (evict immediately)
- by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise
- just a regular string.
- type: string
- type: object
- type: array
- version:
- description: Version the cluster should be on.
- type: string
- volumeMounts:
- description: VolumeMounts allows configuration of additional VolumeMounts
- on the output StatefulSet definition. VolumeMounts specified will
- be appended to other VolumeMounts in the alertmanager container, that
- are generated as a result of StorageSpec objects.
- items:
- description: VolumeMount describes a mounting of a Volume within a
- container.
- properties:
- mountPath:
- description: Path within the container at which the volume should
- be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts are propagated
- from the host to container and the other way around. When not
- set, MountPropagationNone is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise (false
- or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which the container's
- volume should be mounted. Behaves similarly to SubPath but environment
- variable references $(VAR_NAME) are expanded using the container's
- environment. Defaults to "" (volume's root). SubPathExpr and
- SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- volumes:
- description: Volumes allows configuration of additional volumes on the
- output StatefulSet definition. Volumes specified will be appended
- to other volumes that are generated as a result of StorageSpec objects.
- items:
- description: Volume represents a named volume in a pod that may be
- accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an AWS Disk resource
- that is attached to a kubelet''s host machine and then exposed
- to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- partition:
- description: 'The partition in the volume that you want to
- mount. If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for /dev/sda is
- "0" (or you can leave the property empty).'
- format: int32
- type: integer
- readOnly:
- description: 'Specify "true" to force and set the ReadOnly
- property in VolumeMounts to "true". If omitted, the default
- is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: boolean
- volumeID:
- description: 'Unique ID of the persistent disk resource in
- AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: AzureDisk represents an Azure Data Disk mount on
- the host and bind mount to the pod.
- properties:
- cachingMode:
- description: 'Host Caching mode: None, Read Only, Read Write.'
- type: string
- diskName:
- description: The Name of the data disk in the blob storage
- type: string
- diskURI:
- description: The URI the data disk in the blob storage
- type: string
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- kind:
- description: 'Expected values Shared: multiple blob disks
- per storage account Dedicated: single blob disk per storage
- account Managed: azure managed data disk (only in managed
- availability set). defaults to shared'
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: AzureFile represents an Azure File Service mount
- on the host and bind mount to the pod.
- properties:
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: the name of secret that contains Azure Storage
- Account Name and Key
- type: string
- shareName:
- description: Share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: CephFS represents a Ceph FS mount on the host that
- shares a pod's lifetime
- properties:
- monitors:
- description: 'Required: Monitors is a collection of Ceph monitors
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- items:
+ csi:
+ description: CSI (Container Storage Interface) represents storage
+ that is handled by an external CSI driver (Alpha feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
type: string
- type: array
- path:
- description: 'Optional: Used as the mounted root, rather than
- the full Ceph tree, default is /'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts. More
- info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: boolean
- secretFile:
- description: 'Optional: SecretFile is the path to key ring
- for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- secretRef:
- description: 'Optional: SecretRef is reference to the authentication
- secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- user:
- description: 'Optional: User is the rados user name, default
- is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: 'Cinder represents a cinder volume attached and mounted
- on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- properties:
- fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts. More
- info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: boolean
- secretRef:
- description: 'Optional: points to a secret object containing
- parameters used to connect to OpenStack.'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- volumeID:
- description: 'volume id used to identify the volume in cinder.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: ConfigMap represents a configMap that should populate
- this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value pair in the Data
- field of the referenced ConfigMap will be projected into
- the volume as a file whose name is the key and content is
- the value. If specified, the listed keys will be projected
- into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the
- ConfigMap, the volume setup will error unless it is marked
- optional. Paths must be relative and may not contain the
- '..' path or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed to
+ the associated CSI driver which will determine the default
+ filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the
- key to. May not be an absolute path. May not contain
- the path element '..'. May not start with the string
- '..'.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- required:
- - key
- - path
type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its keys must
- be defined
- type: boolean
- type: object
- csi:
- description: CSI (Container Storage Interface) represents storage
- that is handled by an external CSI driver (Alpha feature).
- properties:
- driver:
- description: Driver is the name of the CSI driver that handles
- this volume. Consult with your admin for the correct name
- as registered in the cluster.
- type: string
- fsType:
- description: Filesystem type to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is passed to the
- associated CSI driver which will determine the default filesystem
- to apply.
- type: string
- nodePublishSecretRef:
- description: NodePublishSecretRef is a reference to the secret
- object containing sensitive information to pass to the CSI
- driver to complete the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be empty if no secret
- is required. If the secret object contains more than one
- secret, all secret references are passed.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ readOnly:
+ description: Specifies a read-only configuration for the
+ volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
type: string
- type: object
- readOnly:
- description: Specifies a read-only configuration for the volume.
- Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: VolumeAttributes stores driver-specific properties
- that are passed to the CSI driver. Consult your driver's
- documentation for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: DownwardAPI represents downward API about the pod
- that should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: Items is a list of downward API volume file
+ description: VolumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
items:
- description: DownwardAPIVolumeFile represents information
- to create the file containing the pod field
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back this
+ directory. The default is "" which means to use the node''s
+ default medium. Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ description: 'Total amount of local storage required for
+ this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the limit
+ is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ type: string
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the secret
+ object containing sensitive information to pass to the
+ plugin scripts. This may be empty if no secret object
+ is specified. If the secret object contains more than
+ one secret, all secrets are passed to the plugin scripts.'
properties:
- fieldRef:
- description: 'Required: Selects a field of the pod:
- only annotations, labels, name and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative path name
- of the file to be created. Must not be absolute or
- contain the ''..'' path. Must be utf-8 encoded. The
- first item of the relative path must not start with
- ''..'''
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are currently supported.'
- properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
- type: string
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
type: object
- type: array
- type: object
- emptyDir:
- description: 'EmptyDir represents a temporary directory that shares
- a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- properties:
- medium:
- description: 'What type of storage medium should back this
- directory. The default is "" which means to use the node''s
- default medium. Must be an empty string (default) or Memory.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- description: 'Total amount of local storage required for this
- EmptyDir volume. The size limit is also applicable for memory
- medium. The maximum usage on memory medium EmptyDir would
- be the minimum value between the SizeLimit specified here
- and the sum of memory limits of all containers in a pod.
- The default is nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- type: string
- type: object
- fc:
- description: FC represents a Fibre Channel resource that is attached
- to a kubelet's host machine and then exposed to the pod.
- properties:
- fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- lun:
- description: 'Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.'
- type: boolean
- targetWWNs:
- description: 'Optional: FC target worldwide names (WWNs)'
- items:
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata -> name
+ on the dataset for Flocker should be considered as deprecated
type: string
- type: array
- wwids:
- description: 'Optional: FC volume world wide identifiers (wwids)
- Either wwids or combination of targetWWNs and lun must be
- set, but not both simultaneously.'
- items:
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
type: string
- type: array
- type: object
- flexVolume:
- description: FlexVolume represents a generic volume resource that
- is provisioned/attached using an exec based plugin.
- properties:
- driver:
- description: Driver is the name of the driver to use for this
- volume.
- type: string
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends on FlexVolume
- script.
- type: string
- options:
- additionalProperties:
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
type: string
- description: 'Optional: Extra command options if any.'
- type: object
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.'
- type: boolean
- secretRef:
- description: 'Optional: SecretRef is reference to the secret
- object containing sensitive information to pass to the plugin
- scripts. This may be empty if no secret object is specified.
- If the secret object contains more than one secret, all
- secrets are passed to the plugin scripts.'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- required:
- - driver
- type: object
- flocker:
- description: Flocker represents a Flocker volume attached to a
- kubelet's host machine. This depends on the Flocker control
- service being running
- properties:
- datasetName:
- description: Name of the dataset stored as metadata -> name
- on the dataset for Flocker should be considered as deprecated
- type: string
- datasetUUID:
- description: UUID of the dataset. This is unique identifier
- of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE Disk resource
- that is attached to a kubelet''s host machine and then exposed
- to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- partition:
- description: 'The partition in the volume that you want to
- mount. If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for /dev/sda is
- "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: 'Unique name of the PD resource in GCE. Used
- to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: 'GitRepo represents a git repository at a particular
- revision. DEPRECATED: GitRepo is deprecated. To provision a
- container with a git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the EmptyDir into
- the Pod''s container.'
- properties:
- directory:
- description: Target directory name. Must not contain or start
- with '..'. If '.' is supplied, the volume directory will
- be the git repository. Otherwise, if specified, the volume
- will contain the git repository in the subdirectory with
- the given name.
- type: string
- repository:
- description: Repository URL
- type: string
- revision:
- description: Commit hash for the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: 'Glusterfs represents a Glusterfs mount on the host
- that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
- properties:
- endpoints:
- description: 'EndpointsName is the endpoint name that details
- Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- path:
- description: 'Path is the Glusterfs volume path. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- readOnly:
- description: 'ReadOnly here will force the Glusterfs volume
- to be mounted with read-only permissions. Defaults to false.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: 'HostPath represents a pre-existing file or directory
- on the host machine that is directly exposed to the container.
- This is generally used for system agents or other privileged
- things that are allowed to see the host machine. Most containers
- will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can use host directory
- mounts and who can/can not mount host directories as read/write.'
- properties:
- path:
- description: 'Path of the directory on the host. If the path
- is a symlink, it will follow the link to the real path.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- type:
- description: 'Type for HostPath Volume Defaults to "" More
- info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: 'ISCSI represents an ISCSI Disk resource that is
- attached to a kubelet''s host machine and then exposed to the
- pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
- properties:
- chapAuthDiscovery:
- description: whether support iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: whether support iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- initiatorName:
- description: Custom iSCSI Initiator Name. If initiatorName
- is specified with iscsiInterface simultaneously, new iSCSI
- interface <target portal>:<volume name> will be created
- for the connection.
- type: string
- iqn:
- description: Target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iSCSI Interface Name that uses an iSCSI transport.
- Defaults to 'default' (tcp).
- type: string
- lun:
- description: iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: iSCSI Target Portal List. The portal is either
- an IP or ip_addr:port if the port is other than default
- (typically TCP ports 860 and 3260).
- items:
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify the
+ partition as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE. Used
+ to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
- type: array
- readOnly:
- description: ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: CHAP Secret for iSCSI target and initiator authentication
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain or
+ start with '..'. If '.' is supplied, the volume directory
+ will be the git repository. Otherwise, if specified,
+ the volume will contain the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new iSCSI
+ interface <target portal>:<volume name> will be created
+ for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ items:
type: string
- type: object
- targetPortal:
- description: iSCSI Target Portal. The Portal is either an
- IP or ip_addr:port if the port is other than default (typically
- TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: 'Volume''s name. Must be a DNS_LABEL and unique within
- the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- nfs:
- description: 'NFS represents an NFS mount on the host that shares
- a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'Path that is exported by the NFS server. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'ReadOnly here will force the NFS export to be
- mounted with read-only permissions. Defaults to false. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'Server is the hostname or IP address of the
- NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource represents a reference
- to a PersistentVolumeClaim in the same namespace. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this volume. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: Will force the ReadOnly setting in VolumeMounts.
- Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: ID that identifies Photon Controller persistent
- disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: PortworxVolume represents a portworx volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: FSType represents the filesystem type to mount
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: VolumeID uniquely identifies a Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: Items for all in one resources secrets, configmaps,
- and downward API
- properties:
- defaultMode:
- description: Mode bits to use on created files by default.
- Must be a value between 0 and 0777. Directories within the
- path are not affected by this setting. This might be in
- conflict with other options that affect the file mode, like
- fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: list of volume projections
- items:
- description: Projection that may be projected along with
- other supported volume types
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
properties:
- configMap:
- description: information about the configMap data to
- project
- properties:
- items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced ConfigMap
- will be projected into the volume as a file whose
- name is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present.
- If a key is specified which is not present in
- the ConfigMap, the volume setup will error unless
- it is marked optional. Paths must be relative
- and may not contain the '..' path or start with
- '..'.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either an
+ IP or ip_addr:port if the port is other than default (typically
+ TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits to use on created files by default.
+ Must be a value between 0 and 0777. Directories within
+ the path are not affected by this setting. This might
+ be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits
+ set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its
- keys must be defined
- type: boolean
- type: object
- downwardAPI:
- description: information about the downwardAPI data
- to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
+ description: If unspecified, each key-value pair
+ in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file
+ to map the key to. May not be an absolute
+ path. May not contain the path element
+ '..'. May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI data
+ to project
+ properties:
items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing the
- pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of
- the pod: only annotations, labels, name
- and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative
- path name of the file to be created. Must
- not be absolute or contain the ''..'' path.
- Must be utf-8 encoded. The first item of
- the relative path must not start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, requests.cpu and requests.memory)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- type: string
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: information about the secret data to project
- properties:
- items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced Secret will
- be projected into the volume as a file whose name
- is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present.
- If a key is specified which is not present in
- the Secret, the volume setup will error unless
- it is marked optional. Paths must be relative
- and may not contain the '..' path or start with
- '..'.
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ type: string
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data to
+ project
+ properties:
items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- type: object
- serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
- properties:
- audience:
- description: Audience is the intended audience of
- the token. A recipient of a token must identify
- itself with an identifier specified in the audience
- of the token, and otherwise should reject the
- token. The audience defaults to the identifier
- of the apiserver.
- type: string
- expirationSeconds:
- description: ExpirationSeconds is the requested
- duration of validity of the service account token.
- As the token approaches expiration, the kubelet
- volume plugin will proactively rotate the service
- account token. The kubelet will start trying to
- rotate the token if the token is older than 80
- percent of its time to live or if the token is
- older than 24 hours.Defaults to 1 hour and must
- be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: Path is the path relative to the mount
- point of the file to project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- required:
- - sources
- type: object
- quobyte:
- description: Quobyte represents a Quobyte mount on the host that
- shares a pod's lifetime
- properties:
- group:
- description: Group to map volume access to Default is no group
- type: string
- readOnly:
- description: ReadOnly here will force the Quobyte volume to
- be mounted with read-only permissions. Defaults to false.
- type: boolean
- registry:
- description: Registry represents a single or multiple Quobyte
- Registry services specified as a string as host:port pair
- (multiple entries are separated with commas) which acts
- as the central registry for volumes
- type: string
- tenant:
- description: Tenant owning the given Quobyte volume in the
- Backend Used with dynamically provisioned Quobyte volumes,
- value is set by the plugin
- type: string
- user:
- description: User to map volume access to Defaults to serivceaccount
- user
- type: string
- volume:
- description: Volume is a string that references an already
- created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'RBD represents a Rados Block Device mount on the
- host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- image:
- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'Keyring is the path to key ring for RBDUser.
- Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
+ description: If unspecified, each key-value pair
+ in the Data field of the referenced Secret will
+ be projected into the volume as a file whose
+ name is the key and content is the value. If
+ specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file
+ to map the key to. May not be an absolute
+ path. May not contain the path element
+ '..'. May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ required:
+ - sources
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is no
+ group
type: string
- type: array
- pool:
- description: 'The rados pool name. Default is rbd. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'SecretRef is name of the authentication secret
- for RBDUser. If provided overrides keyring. Default is nil.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- user:
- description: 'The rados user name. Default is admin. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: ScaleIO represents a ScaleIO persistent volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: The host address of the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: The name of the ScaleIO Protection Domain for
- the configured storage.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef references to the secret for ScaleIO
- user and other sensitive information. If this is not provided,
- Login operation will fail.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
type: string
- type: object
- sslEnabled:
- description: Flag to enable/disable SSL communication with
- Gateway, default false
- type: boolean
- storageMode:
- description: Indicates whether the storage for a volume should
- be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: The ScaleIO Storage Pool associated with the
- protection domain.
- type: string
- system:
- description: The name of the storage system as configured
- in ScaleIO.
- type: string
- volumeName:
- description: The name of a volume already created in the ScaleIO
- system that is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'Secret represents a secret that should populate
- this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value pair in the Data
- field of the referenced Secret will be projected into the
- volume as a file whose name is the key and content is the
- value. If specified, the listed keys will be projected into
- the specified paths, and unlisted keys will not be present.
- If a key is specified which is not present in the Secret,
- the volume setup will error unless it is marked optional.
- Paths must be relative and may not contain the '..' path
- or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
- key:
- description: The key to project.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the
- key to. May not be an absolute path. May not contain
- the path element '..'. May not start with the string
- '..'.
+ type: object
+ user:
+ description: 'The rados user name. Default is admin. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain for
+ the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- required:
- - key
- - path
type: object
- type: array
- optional:
- description: Specify whether the Secret or its keys must be
- defined
- type: boolean
- secretName:
- description: 'Name of the secret in the pod''s namespace to
- use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: StorageOS represents a StorageOS volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef specifies the secret to use for obtaining
- the StorageOS API credentials. If not specified, default
- values will be attempted.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- volumeName:
- description: VolumeName is the human-readable name of the
- StorageOS volume. Volume names are only unique within a
- namespace.
- type: string
- volumeNamespace:
- description: VolumeNamespace specifies the scope of the volume
- within StorageOS. If no namespace is specified then the
- Pod's namespace will be used. This allows the Kubernetes
- name scoping to be mirrored within StorageOS for tighter
- integration. Set VolumeName to any name to override the
- default behaviour. Set to "default" if you are not using
- namespaces within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: VsphereVolume represents a vSphere volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: Storage Policy Based Management (SPBM) profile
- ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: Storage Policy Based Management (SPBM) profile
- name.
- type: string
- volumePath:
- description: Path that identifies vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- status:
- description: 'Most recent observed status of the Alertmanager cluster. Read-only.
- Not included when requesting from the apiserver, only from the Prometheus
- Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- availableReplicas:
- description: Total number of available pods (ready for at least minReadySeconds)
- targeted by this Alertmanager cluster.
- format: int32
- type: integer
- paused:
- description: Represents whether any actions on the underlaying managed
- objects are being performed. Only delete actions will be performed.
- type: boolean
- replicas:
- description: Total number of non-terminated pods targeted by this Alertmanager
- cluster (their labels match the selector).
- format: int32
- type: integer
- unavailableReplicas:
- description: Total number of unavailable pods targeted by this Alertmanager
- cluster.
- format: int32
- type: integer
- updatedReplicas:
- description: Total number of non-terminated pods targeted by this Alertmanager
- cluster that have the desired version spec.
- format: int32
- type: integer
- required:
- - availableReplicas
- - paused
- - replicas
- - unavailableReplicas
- - updatedReplicas
- type: object
- required:
- - spec
- type: object
- version: v1
- versions:
- - name: v1
+ sslEnabled:
+ description: Flag to enable/disable SSL communication with
+ Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with the
+ protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in the
+ ScaleIO system that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in the
+ Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map
+ the key to. May not be an absolute path. May not
+ contain the path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys must
+ be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM) profile
+ ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM) profile
+ name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ status:
+ description: 'Most recent observed status of the Alertmanager cluster.
+ Read-only. Not included when requesting from the apiserver, only from
+ the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ availableReplicas:
+ description: Total number of available pods (ready for at least minReadySeconds)
+ targeted by this Alertmanager cluster.
+ format: int32
+ type: integer
+ paused:
+ description: Represents whether any actions on the underlaying managed
+ objects are being performed. Only delete actions will be performed.
+ type: boolean
+ replicas:
+ description: Total number of non-terminated pods targeted by this
+ Alertmanager cluster (their labels match the selector).
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: Total number of unavailable pods targeted by this Alertmanager
+ cluster.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated pods targeted by this
+ Alertmanager cluster that have the desired version spec.
+ format: int32
+ type: integer
+ required:
+ - availableReplicas
+ - paused
+ - replicas
+ - unavailableReplicas
+ - updatedReplicas
+ type: object
+ required:
+ - spec
+ type: object
served: true
storage: true
+ subresources: {}
status:
acceptedNames:
kind: ""
diff --git a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml
index c60f902f361b59030c21d02c952e51620cee00a4..01bcac01b0482910d97b771f18c13aabc2971c12 100644
--- a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@@ -13,247 +13,248 @@ spec:
plural: podmonitors
singular: podmonitor
scope: Namespaced
- validation:
- openAPIV3Schema:
- description: PodMonitor defines monitoring for a set of pods.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: Specification of desired Pod selection for target discovery
- by Prometheus.
- properties:
- jobLabel:
- description: The label to use to retrieve the job name from.
- type: string
- namespaceSelector:
- description: Selector to select which namespaces the Endpoints objects
- are discovered from.
- properties:
- any:
- description: Boolean describing whether all namespaces are selected
- in contrast to a list restricting them.
- type: boolean
- matchNames:
- description: List of namespace names.
- items:
- type: string
- type: array
- type: object
- podMetricsEndpoints:
- description: A list of endpoints allowed as part of this PodMonitor.
- items:
- description: PodMetricsEndpoint defines a scrapeable endpoint of a
- Kubernetes Pod serving Prometheus metrics.
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: PodMonitor defines monitoring for a set of pods.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of desired Pod selection for target discovery
+ by Prometheus.
+ properties:
+ jobLabel:
+ description: The label to use to retrieve the job name from.
+ type: string
+ namespaceSelector:
+ description: Selector to select which namespaces the Endpoints objects
+ are discovered from.
properties:
- honorLabels:
- description: HonorLabels chooses the metric's labels on collisions
- with target labels.
+ any:
+ description: Boolean describing whether all namespaces are selected
+ in contrast to a list restricting them.
type: boolean
- honorTimestamps:
- description: HonorTimestamps controls whether Prometheus respects
- the timestamps present in scraped data.
- type: boolean
- interval:
- description: Interval at which metrics should be scraped
- type: string
- metricRelabelings:
- description: MetricRelabelConfigs to apply to samples before ingestion.
+ matchNames:
+ description: List of namespace names.
items:
- description: 'RelabelConfig allows dynamic rewriting of the
- label set, being applied to samples before ingestion. It defines
- `<metric_relabel_configs>`-section of Prometheus configuration.
- More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
- properties:
- action:
- description: Action to perform based on regex matching.
- Default is 'replace'
- type: string
- modulus:
- description: Modulus to take of the hash of the source label
- values.
- format: int64
- type: integer
- regex:
- description: Regular expression against which the extracted
- value is matched. Default is '(.*)'
- type: string
- replacement:
- description: Replacement value against which a regex replace
- is performed if the regular expression matches. Regex
- capture groups are available. Default is '$1'
- type: string
- separator:
- description: Separator placed between concatenated source
- label values. default is ';'.
- type: string
- sourceLabels:
- description: The source labels select values from existing
- labels. Their content is concatenated using the configured
- separator and matched against the configured regular expression
- for the replace, keep, and drop actions.
- items:
+ type: string
+ type: array
+ type: object
+ podMetricsEndpoints:
+ description: A list of endpoints allowed as part of this PodMonitor.
+ items:
+ description: PodMetricsEndpoint defines a scrapeable endpoint of
+ a Kubernetes Pod serving Prometheus metrics.
+ properties:
+ honorLabels:
+ description: HonorLabels chooses the metric's labels on collisions
+ with target labels.
+ type: boolean
+ honorTimestamps:
+ description: HonorTimestamps controls whether Prometheus respects
+ the timestamps present in scraped data.
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped
+ type: string
+ metricRelabelings:
+ description: MetricRelabelConfigs to apply to samples before
+ ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
type: string
- type: array
- targetLabel:
- description: Label to which the resulting value is written
- in a replace action. It is mandatory for replace actions.
- Regex capture groups are available.
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ params:
+ additionalProperties:
+ items:
type: string
+ type: array
+ description: Optional HTTP URL parameters
type: object
- type: array
- params:
- additionalProperties:
+ path:
+ description: HTTP path to scrape for metrics.
+ type: string
+ port:
+ description: Name of the pod port this endpoint refers to. Mutually
+ exclusive with targetPort.
+ type: string
+ proxyUrl:
+ description: ProxyURL eg http://proxyserver:2195 Directs scrapes
+ to proxy through this endpoint.
+ type: string
+ relabelings:
+ description: 'RelabelConfigs to apply to samples before ingestion.
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
- type: string
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
type: array
- description: Optional HTTP URL parameters
- type: object
- path:
- description: HTTP path to scrape for metrics.
- type: string
- port:
- description: Name of the pod port this endpoint refers to. Mutually
- exclusive with targetPort.
- type: string
- proxyUrl:
- description: ProxyURL eg http://proxyserver:2195 Directs scrapes
- to proxy through this endpoint.
- type: string
- relabelings:
- description: 'RelabelConfigs to apply to samples before ingestion.
- More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
+ scheme:
+ description: HTTP scheme to use for scraping.
+ type: string
+ scrapeTimeout:
+ description: Timeout after which the scrape is ended
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Deprecated: Use ''port'' instead.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type: array
+ podTargetLabels:
+ description: PodTargetLabels transfers labels on the Kubernetes Pod
+ onto the target.
+ items:
+ type: string
+ type: array
+ sampleLimit:
+ description: SampleLimit defines per-scrape limit on number of scraped
+ samples that will be accepted.
+ format: int64
+ type: integer
+ selector:
+ description: Selector to select Pod objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
items:
- description: 'RelabelConfig allows dynamic rewriting of the
- label set, being applied to samples before ingestion. It defines
- `<metric_relabel_configs>`-section of Prometheus configuration.
- More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
properties:
- action:
- description: Action to perform based on regex matching.
- Default is 'replace'
- type: string
- modulus:
- description: Modulus to take of the hash of the source label
- values.
- format: int64
- type: integer
- regex:
- description: Regular expression against which the extracted
- value is matched. Default is '(.*)'
- type: string
- replacement:
- description: Replacement value against which a regex replace
- is performed if the regular expression matches. Regex
- capture groups are available. Default is '$1'
+ key:
+ description: key is the label key that the selector applies
+ to.
type: string
- separator:
- description: Separator placed between concatenated source
- label values. default is ';'.
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
type: string
- sourceLabels:
- description: The source labels select values from existing
- labels. Their content is concatenated using the configured
- separator and matched against the configured regular expression
- for the replace, keep, and drop actions.
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
- targetLabel:
- description: Label to which the resulting value is written
- in a replace action. It is mandatory for replace actions.
- Regex capture groups are available.
- type: string
+ required:
+ - key
+ - operator
type: object
type: array
- scheme:
- description: HTTP scheme to use for scraping.
- type: string
- scrapeTimeout:
- description: Timeout after which the scrape is ended
- type: string
- targetPort:
- anyOf:
- - type: integer
- - type: string
- description: 'Deprecated: Use ''port'' instead.'
- x-kubernetes-int-or-string: true
- type: object
- type: array
- podTargetLabels:
- description: PodTargetLabels transfers labels on the Kubernetes Pod
- onto the target.
- items:
- type: string
- type: array
- sampleLimit:
- description: SampleLimit defines per-scrape limit on number of scraped
- samples that will be accepted.
- format: int64
- type: integer
- selector:
- description: Selector to select Pod objects.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- required:
- - podMetricsEndpoints
- - selector
- type: object
- required:
- - spec
- type: object
- version: v1
- versions:
- - name: v1
+ type: object
+ required:
+ - podMetricsEndpoints
+ - selector
+ type: object
+ required:
+ - spec
+ type: object
served: true
storage: true
status:
diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
index 7a3e2f961d963c74f23f2af996c1158949860f80..d391b6b4e2f763d6edb1b7b1d9f198f71b38ec10 100644
--- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@@ -6,18 +6,6 @@ metadata:
creationTimestamp: null
name: prometheuses.monitoring.coreos.com
spec:
- additionalPrinterColumns:
- - JSONPath: .spec.version
- description: The version of Prometheus
- name: Version
- type: string
- - JSONPath: .spec.replicas
- description: The desired replicas number of Prometheuses
- name: Replicas
- type: integer
- - JSONPath: .metadata.creationTimestamp
- name: Age
- type: date
group: monitoring.coreos.com
names:
kind: Prometheus
@@ -25,728 +13,1168 @@ spec:
plural: prometheuses
singular: prometheus
scope: Namespaced
- subresources: {}
- validation:
- openAPIV3Schema:
- description: Prometheus defines a Prometheus deployment.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: 'Specification of the desired behavior of the Prometheus cluster.
- More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- additionalAlertManagerConfigs:
- description: 'AdditionalAlertManagerConfigs allows specifying a key
- of a Secret containing additional Prometheus AlertManager configurations.
- AlertManager configurations specified are appended to the configurations
- generated by the Prometheus Operator. Job configurations specified
- must have the form as specified in the official Prometheus documentation:
- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config.
- As AlertManager configs are appended, the user is responsible to make
- sure it is valid. Note that using this feature may expose the possibility
- to break upgrades of Prometheus. It is advised to review Prometheus
- release notes to ensure that no incompatible AlertManager configs
- are going to break Prometheus after the upgrade.'
- properties:
- key:
- description: The key of the secret to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- additionalAlertRelabelConfigs:
- description: 'AdditionalAlertRelabelConfigs allows specifying a key
- of a Secret containing additional Prometheus alert relabel configurations.
- Alert relabel configurations specified are appended to the configurations
- generated by the Prometheus Operator. Alert relabel configurations
- specified must have the form as specified in the official Prometheus
- documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
- As alert relabel configs are appended, the user is responsible to
- make sure it is valid. Note that using this feature may expose the
- possibility to break upgrades of Prometheus. It is advised to review
- Prometheus release notes to ensure that no incompatible alert relabel
- configs are going to break Prometheus after the upgrade.'
- properties:
- key:
- description: The key of the secret to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- additionalScrapeConfigs:
- description: 'AdditionalScrapeConfigs allows specifying a key of a Secret
- containing additional Prometheus scrape configurations. Scrape configurations
- specified are appended to the configurations generated by the Prometheus
- Operator. Job configurations specified must have the form as specified
- in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
- As scrape configs are appended, the user is responsible to make sure
- it is valid. Note that using this feature may expose the possibility
- to break upgrades of Prometheus. It is advised to review Prometheus
- release notes to ensure that no incompatible scrape configs are going
- to break Prometheus after the upgrade.'
- properties:
- key:
- description: The key of the secret to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- affinity:
- description: If specified, the pod's scheduling constraints.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the affinity expressions specified by this field,
- but it may choose a node that violates one or more of the
- expressions. The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node that meets
- all of the scheduling requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating through
- the elements of this field and adding "weight" to the sum
- if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term matches all
- objects with implicit weight 0 (i.e. it's a no-op). A null
- preferred scheduling term matches no objects (i.e. is also
- a no-op).
+ versions:
+ - additionalPrinterColumns:
+ - description: The version of Prometheus
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: The desired replicas number of Prometheuses
+ jsonPath: .spec.replicas
+ name: Replicas
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Prometheus defines a Prometheus deployment.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the Prometheus
+ cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ additionalAlertManagerConfigs:
+ description: 'AdditionalAlertManagerConfigs allows specifying a key
+ of a Secret containing additional Prometheus AlertManager configurations.
+ AlertManager configurations specified are appended to the configurations
+ generated by the Prometheus Operator. Job configurations specified
+ must have the form as specified in the official Prometheus documentation:
+ https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config.
+ As AlertManager configs are appended, the user is responsible to
+ make sure it is valid. Note that using this feature may expose the
+ possibility to break upgrades of Prometheus. It is advised to review
+ Prometheus release notes to ensure that no incompatible AlertManager
+ configs are going to break Prometheus after the upgrade.'
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ additionalAlertRelabelConfigs:
+ description: 'AdditionalAlertRelabelConfigs allows specifying a key
+ of a Secret containing additional Prometheus alert relabel configurations.
+ Alert relabel configurations specified are appended to the configurations
+ generated by the Prometheus Operator. Alert relabel configurations
+ specified must have the form as specified in the official Prometheus
+ documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
+ As alert relabel configs are appended, the user is responsible to
+ make sure it is valid. Note that using this feature may expose the
+ possibility to break upgrades of Prometheus. It is advised to review
+ Prometheus release notes to ensure that no incompatible alert relabel
+ configs are going to break Prometheus after the upgrade.'
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ additionalScrapeConfigs:
+ description: 'AdditionalScrapeConfigs allows specifying a key of a
+ Secret containing additional Prometheus scrape configurations. Scrape
+ configurations specified are appended to the configurations generated
+ by the Prometheus Operator. Job configurations specified must have
+ the form as specified in the official Prometheus documentation:
+ https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
+ As scrape configs are appended, the user is responsible to make
+ sure it is valid. Note that using this feature may expose the possibility
+ to break upgrades of Prometheus. It is advised to review Prometheus
+ release notes to ensure that no incompatible scrape configs are
+ going to break Prometheus after the upgrade.'
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ affinity:
+ description: If specified, the pod's scheduling constraints.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
properties:
- preference:
- description: A node selector term, associated with the
- corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies which namespaces
+ the labelSelector applies to (matches against);
+ null or empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies which namespaces the
+ labelSelector applies to (matches against); null or
+ empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
type: array
- required:
- - key
- - operator
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ namespaces:
+ description: namespaces specifies which namespaces
+ the labelSelector applies to (matches against);
+ null or empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies which namespaces the
+ labelSelector applies to (matches against); null or
+ empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ alerting:
+ description: Define details regarding alerting.
+ properties:
+ alertmanagers:
+ description: AlertmanagerEndpoints Prometheus should fire alerts
+ against.
+ items:
+ description: AlertmanagerEndpoints defines a selection of a
+ single Endpoints object containing alertmanager IPs to fire
+ alerts against.
+ properties:
+ apiVersion:
+ description: Version of the Alertmanager API that Prometheus
+ uses to send alerts. It can be "v1" or "v2".
+ type: string
+ bearerTokenFile:
+ description: BearerTokenFile to read from filesystem to
+ use when authenticating to Alertmanager.
+ type: string
+ name:
+ description: Name of Endpoints object in Namespace.
+ type: string
+ namespace:
+ description: Namespace of Endpoints object.
+ type: string
+ pathPrefix:
+ description: Prefix for the HTTP path alerts are pushed
+ to.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port the Alertmanager API is exposed on.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use when firing alerts.
+ type: string
+ tlsConfig:
+ description: TLS Config to use for alertmanager connection.
+ properties:
+ ca:
+ description: Stuct containing the CA cert to use for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for
+ the targets.
properties:
key:
- description: The label key that the selector
- applies to.
+ description: The key to select.
type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
required:
- key
- - operator
type: object
- type: array
- type: object
- weight:
- description: Weight associated with matching the corresponding
- nodeSelectorTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by this
- field are not met at scheduling time, the pod will not be
- scheduled onto the node. If the affinity requirements specified
- by this field cease to be met at some point during pod execution
- (e.g. due to an update), the system may or may not try to
- eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector terms. The
- terms are ORed.
- items:
- description: A null or empty node selector term matches
- no objects. The requirements of them are ANDed. The
- TopologySelectorTerm type implements a subset of the
- NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ secret:
+ description: Secret containing data to use for the
+ targets.
properties:
key:
- description: The label key that the selector
- applies to.
+ description: The key of the secret to select
+ from. Must be a valid secret key.
type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
required:
- key
- - operator
type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file
+ for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for
+ the targets.
properties:
key:
- description: The label key that the selector
- applies to.
+ description: The key to select.
type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
required:
- key
- - operator
type: object
- type: array
- type: object
- type: array
- required:
- - nodeSelectorTerms
- type: object
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules (e.g. co-locate
- this pod in the same node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the affinity expressions specified by this field,
- but it may choose a node that violates one or more of the
- expressions. The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node that meets
- all of the scheduling requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating through
- the elements of this field and adding "weight" to the sum
- if the node has pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement is
- a selector that contains values, a key, and
- an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If
- the operator is Exists or DoesNotExist,
- the values array must be empty. This array
- is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey matches
- that of any node on which any of the selected pods
- is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the corresponding
- podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by this
- field are not met at scheduling time, the pod will not be
- scheduled onto the node. If the affinity requirements specified
- by this field cease to be met at some point during pod execution
- (e.g. due to a pod label update), the system may or may not
- try to eventually evict the pod from its node. When there
- are multiple elements, the lists of nodes corresponding to
- each podAffinityTerm are intersected, i.e. all terms must
- be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s)) that
- this pod should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is defined as running
- on a node whose value of the label with key <topologyKey>
- matches that of any node on which a pod of the set of pods
- is running
- properties:
- labelSelector:
- description: A label query over a set of resources, in
- this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ secret:
+ description: Secret containing data to use for the
+ targets.
properties:
key:
- description: key is the label key that the selector
- applies to.
+ description: The key of the secret to select
+ from. Must be a valid secret key.
type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values
- array must be non-empty. If the operator is
- Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
required:
- key
- - operator
type: object
- type: array
- matchLabels:
- additionalProperties:
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for
+ the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies which namespaces the
- labelSelector applies to (matches against); null or
- empty list means "this pod's namespace"
- items:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ serverName:
+ description: Used to verify the hostname for the targets.
type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where
- co-located is defined as running on a node whose value
- of the label with key topologyKey matches that of any
- node on which any of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling rules (e.g.
- avoid putting this pod in the same node, zone, etc. as some other
- pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the anti-affinity expressions specified by this
- field, but it may choose a node that violates one or more
- of the expressions. The node that is most preferred is the
- one with the greatest sum of weights, i.e. for each node that
- meets all of the scheduling requirements (resource request,
- requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field
- and adding "weight" to the sum if the node has pods which
- matches the corresponding podAffinityTerm; the node(s) with
- the highest sum are the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred node(s)
+ type: object
+ required:
+ - name
+ - namespace
+ - port
+ type: object
+ type: array
+ required:
+ - alertmanagers
+ type: object
+ apiserverConfig:
+ description: APIServerConfig allows specifying a host and auth methods
+ to access apiserver. If left empty, Prometheus is assumed to run
+ inside of the cluster and will discover API servers automatically
+ and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
+ properties:
+ basicAuth:
+ description: BasicAuth allow an endpoint to authenticate over
+ basic authentication
+ properties:
+ password:
+ description: The secret in the service monitor namespace that
+ contains the password for authentication.
properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement is
- a selector that contains values, a key, and
- an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If
- the operator is Exists or DoesNotExist,
- the values array must be empty. This array
- is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey matches
- that of any node on which any of the selected pods
- is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the corresponding
- podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
required:
- - podAffinityTerm
- - weight
+ - key
type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified by
- this field are not met at scheduling time, the pod will not
- be scheduled onto the node. If the anti-affinity requirements
- specified by this field cease to be met at some point during
- pod execution (e.g. due to a pod label update), the system
- may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e. all terms must
- be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s)) that
- this pod should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is defined as running
- on a node whose value of the label with key <topologyKey>
- matches that of any node on which a pod of the set of pods
- is running
+ username:
+ description: The secret in the service monitor namespace that
+ contains the username for authentication.
properties:
- labelSelector:
- description: A label query over a set of resources, in
- this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values
- array must be non-empty. If the operator is
- Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies which namespaces the
- labelSelector applies to (matches against); null or
- empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where
- co-located is defined as running on a node whose value
- of the label with key topologyKey matches that of any
- node on which any of the selected pods is running. Empty
- topologyKey is not allowed.
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
required:
- - topologyKey
+ - key
type: object
- type: array
- type: object
- type: object
- alerting:
- description: Define details regarding alerting.
- properties:
- alertmanagers:
- description: AlertmanagerEndpoints Prometheus should fire alerts
- against.
- items:
- description: AlertmanagerEndpoints defines a selection of a single
- Endpoints object containing alertmanager IPs to fire alerts
- against.
+ type: object
+ bearerToken:
+ description: Bearer token for accessing apiserver.
+ type: string
+ bearerTokenFile:
+ description: File to read bearer token for accessing apiserver.
+ type: string
+ host:
+ description: Host of apiserver. A valid string consisting of a
+ hostname or IP followed by an optional port number
+ type: string
+ tlsConfig:
+ description: TLS Config to use for accessing apiserver.
properties:
- apiVersion:
- description: Version of the Alertmanager API that Prometheus
- uses to send alerts. It can be "v1" or "v2".
- type: string
- bearerTokenFile:
- description: BearerTokenFile to read from filesystem to use
- when authenticating to Alertmanager.
- type: string
- name:
- description: Name of Endpoints object in Namespace.
- type: string
- namespace:
- description: Namespace of Endpoints object.
- type: string
- pathPrefix:
- description: Prefix for the HTTP path alerts are pushed to.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Port the Alertmanager API is exposed on.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use when firing alerts.
- type: string
- tlsConfig:
- description: TLS Config to use for alertmanager connection.
+ ca:
+ description: Stuct containing the CA cert to use for the targets.
properties:
- ca:
- description: Stuct containing the CA cert to use for the
+ configMap:
+ description: ConfigMap containing data to use for the
targets.
properties:
- configMap:
- description: ConfigMap containing data to use for
- the targets.
- properties:
- key:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ required:
+ - host
+ type: object
+ arbitraryFSAccessThroughSMs:
+ description: ArbitraryFSAccessThroughSMs configures whether configuration
+ based on a service monitor can access arbitrary files on the file
+ system of the Prometheus container e.g. bearer token files.
+ properties:
+ deny:
+ type: boolean
+ type: object
+ baseImage:
+ description: Base image to use for a Prometheus deployment.
+ type: string
+ configMaps:
+ description: ConfigMaps is a list of ConfigMaps in the same namespace
+ as the Prometheus object, which shall be mounted into the Prometheus
+ Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/<configmap-name>.
+ items:
+ type: string
+ type: array
+ containers:
+ description: 'Containers allows injecting additional containers or
+ modifying operator generated containers. This can be used to allow
+ adding an authentication proxy to a Prometheus pod or to change
+ the behavior of an operator generated container. Containers described
+ here modify an operator generated container if they share the same
+ name and modifications are done via a strategic merge patch. The
+ current container names are: `prometheus`, `prometheus-config-reloader`,
+ `rules-configmap-reloader`, and `thanos-sidecar`. Overriding containers
+ is entirely outside the scope of what the maintainers will support
+ and by doing so, you accept that this behaviour may break at any
+ time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The docker image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The docker image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previous defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
description: The key to select.
type: string
name:
@@ -762,59 +1190,47 @@ spec:
required:
- key
type: object
- secret:
- description: Secret containing data to use for the
- targets.
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, metadata.labels,
+ metadata.annotations, spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
type: string
- name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
required:
- - key
+ - fieldPath
type: object
- type: object
- caFile:
- description: Path to the CA cert in the Prometheus container
- to use for the targets.
- type: string
- cert:
- description: Struct containing the client cert file for
- the targets.
- properties:
- configMap:
- description: ConfigMap containing data to use for
- the targets.
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
properties:
- key:
- description: The key to select.
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
type: string
- name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
required:
- - key
+ - resource
type: object
- secret:
- description: Secret containing data to use for the
- targets.
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
properties:
key:
description: The key of the secret to select from. Must
@@ -834,2864 +1250,3378 @@ spec:
- key
type: object
type: object
- certFile:
- description: Path to the client cert file in the Prometheus
- container for the targets.
- type: string
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keyFile:
- description: Path to the client key file in the Prometheus
- container for the targets.
- type: string
- keySecret:
- description: Secret containing the client key file for
- the targets.
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
- description: Specify whether the Secret or its key
- must be defined
+ description: Specify whether the ConfigMap must be
+ defined
type: boolean
- required:
- - key
type: object
- serverName:
- description: Used to verify the hostname for the targets.
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
type: object
- required:
- - name
- - namespace
- - port
- type: object
- type: array
- required:
- - alertmanagers
- type: object
- apiserverConfig:
- description: APIServerConfig allows specifying a host and auth methods
- to access apiserver. If left empty, Prometheus is assumed to run inside
- of the cluster and will discover API servers automatically and use
- the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
- properties:
- basicAuth:
- description: BasicAuth allow an endpoint to authenticate over basic
- authentication
- properties:
- password:
- description: The secret in the service monitor namespace that
- contains the password for authentication.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- username:
- description: The secret in the service monitor namespace that
- contains the username for authentication.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- bearerToken:
- description: Bearer token for accessing apiserver.
- type: string
- bearerTokenFile:
- description: File to read bearer token for accessing apiserver.
- type: string
- host:
- description: Host of apiserver. A valid string consisting of a hostname
- or IP followed by an optional port number
- type: string
- tlsConfig:
- description: TLS Config to use for accessing apiserver.
- properties:
- ca:
- description: Stuct containing the CA cert to use for the targets.
+ type: array
+ image:
+ description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- secret:
- description: Secret containing data to use for the targets.
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- caFile:
- description: Path to the CA cert in the Prometheus container
- to use for the targets.
- type: string
- cert:
- description: Struct containing the client cert file for the
- targets.
- properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- certFile:
- description: Path to the client cert file in the Prometheus
- container for the targets.
- type: string
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keyFile:
- description: Path to the client key file in the Prometheus container
- for the targets.
- type: string
- keySecret:
- description: Secret containing the client key file for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
- type: object
- required:
- - host
- type: object
- arbitraryFSAccessThroughSMs:
- description: ArbitraryFSAccessThroughSMs configures whether configuration
- based on a service monitor can access arbitrary files on the file
- system of the Prometheus container e.g. bearer token files.
- properties:
- deny:
- type: boolean
- type: object
- baseImage:
- description: Base image to use for a Prometheus deployment.
- type: string
- configMaps:
- description: ConfigMaps is a list of ConfigMaps in the same namespace
- as the Prometheus object, which shall be mounted into the Prometheus
- Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/<configmap-name>.
- items:
- type: string
- type: array
- containers:
- description: 'Containers allows injecting additional containers or modifying
- operator generated containers. This can be used to allow adding an
- authentication proxy to a Prometheus pod or to change the behavior
- of an operator generated container. Containers described here modify
- an operator generated container if they share the same name and modifications
- are done via a strategic merge patch. The current container names
- are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`,
- and `thanos-sidecar`. Overriding containers is entirely outside the
- scope of what the maintainers will support and by doing so, you accept
- that this behaviour may break at any time without notice.'
- items:
- description: A single application container that you want to run within
- a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker image''s
- CMD is used if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment. If a variable
- cannot be resolved, the reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can be escaped with a double
- $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot be
- updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell. The
- docker image''s ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must be a
- C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in the
- container and any service environment variables. If a
- variable cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax can be
- escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
properties:
- key:
- description: The key to select.
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
required:
- - key
+ - port
type: object
- fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, metadata.labels, metadata.annotations,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs.'
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - fieldPath
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The reason for termination is passed
+ to the handler. The Pod''s termination grace period countdown
+ begins before the PreStop hooked is executed. Regardless
+ of the outcome of the handler, the container will eventually
+ terminate within the Pod''s termination grace period.
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
type: object
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- resource:
- description: 'Required: resource to select'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
required:
- - resource
+ - port
type: object
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - key
+ - port
type: object
type: object
- required:
- - name
type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must be a
- C_IDENTIFIER. All invalid keys will be reported as an event
- when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a set of
- ConfigMaps
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- configMapRef:
- description: The ConfigMap to select from
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
type: string
- optional:
- description: Specify whether the ConfigMap must be defined
- type: boolean
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
type: object
- prefix:
- description: An optional identifier to prepend to each key
- in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- optional:
- description: Specify whether the Secret must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system should take in
- response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately after a container
- is created. If the handler fails, the container is terminated
- and restarted according to its restart policy. Other management
- of the container blocks until the hook completes. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately before a container
- is terminated due to an API request or management event
- such as liveness/startup probe failure, preemption, resource
- contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed to
- the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period. Other
- management of the container blocks until the hook completes
- or until the termination grace period is reached. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated. More
- info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Exposing
+ a port here gives the system additional information about
+ the network connections a container uses, but is primarily
+ informational. Not specifying a port here DOES NOT prevent
+ that port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container will be
+ accessible from the network. Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ protocol:
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
+ - containerPort
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL. Each
- container in a pod must have a unique name (DNS_LABEL). Cannot
- be updated.
- type: string
- ports:
- description: List of ports to expose from the container. Exposing
- a port here gives the system additional information about the
- network connections a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from the network.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in a single
- container.
+ type: array
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- containerPort:
- description: Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
- format: int32
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
type: integer
- hostIP:
- description: What host IP to bind the external port to.
- type: string
- hostPort:
- description: Number of port to expose on the host. If specified,
- this must be a valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort. Most containers
- do not need this.
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a pod must
- have a unique name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- readinessProbe:
- description: 'Periodic probe of container service readiness. Container
- will be removed from service endpoints if the probe fails. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ properties:
+ limits:
+ additionalProperties:
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this container. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ securityContext:
+ description: 'Security options the pod should run with. More
+ info: https://kubernetes.io/docs/concepts/policy/security-context/
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled.
type: string
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run with. More info:
- https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a
- process can gain more privileges than its parent process.
- This bool directly controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes in
- privileged containers are essentially equivalent to root
- on the host. Defaults to false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount to use
- for the containers. The default is DefaultProcMount which
- uses the container runtime defaults for readonly paths and
- masked paths. This requires the ProcMountType feature flag
- to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem.
- Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be set
- in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset or false, no
- such validation will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata if
- unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random
- SELinux context for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. This is a beta feature enabled by
+ the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
type: string
+ required:
+ - devicePath
+ - name
type: object
- windowsOptions:
- description: The Windows specific settings applied to all
- containers. If unspecified, the options from the PodSecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named
- by the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the
- GMSA credential spec to use. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence. This field is beta-level and may be
- disabled with the WindowsRunAsUserName feature flag.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed until
- this completes successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed. This can
- be used to provide different probe parameters at the beginning
- of a Pod''s lifecycle, when it might take a long time to load
- data or warm a cache, than during steady-state operation. This
- cannot be updated. This is an alpha feature enabled by the StartupProbe
- feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ name:
+ description: This must match the Name of a Volume.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
+ - mountPath
+ - name
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer for
- stdin in the container runtime. If this is not set, reads from
- stdin in the container will always result in EOF. Default is
- false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close the stdin
- channel after it has been opened by a single attach. When stdin
- is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container
- start, is empty until the first client attaches to stdin, and
- then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container processes that
- reads from stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s
- termination message will be written is mounted into the container''s
- filesystem. Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated by the
- node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should be populated.
- File will use the contents of terminationMessagePath to populate
- the container status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate a TTY for
- itself, also requires 'stdin' to be true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices to be
- used by the container. This is a beta feature.
- items:
- description: volumeDevice describes a mapping of a raw block
- device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the container
- that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume within
- a container.
- properties:
- mountPath:
- description: Path within the container at which the volume
- should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts are
- propagated from the host to container and the other way
- around. When not set, MountPropagationNone is used. This
- field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise
- (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which
- the container's volume should be mounted. Behaves similarly
- to SubPath but environment variable references $(VAR_NAME)
- are expanded using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and SubPath are mutually
- exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might be
- configured in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- disableCompaction:
- description: Disable prometheus compaction.
- type: boolean
- enableAdminAPI:
- description: 'Enable access to prometheus web admin API. Defaults to
- the value of `false`. WARNING: Enabling the admin APIs enables mutating
- endpoints, to delete data, shutdown Prometheus, and more. Enabling
- this should be done with care and the user is advised to add additional
- authentication authorization via a proxy to ensure only clients authorized
- to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis'
- type: boolean
- enforcedNamespaceLabel:
- description: EnforcedNamespaceLabel enforces adding a namespace label
- of origin for each alert and metric that is user created. The label
- value will always be the namespace of the object that is being created.
- type: string
- evaluationInterval:
- description: Interval between consecutive evaluations.
- type: string
- externalLabels:
- additionalProperties:
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ disableCompaction:
+ description: Disable prometheus compaction.
+ type: boolean
+ enableAdminAPI:
+ description: 'Enable access to prometheus web admin API. Defaults
+ to the value of `false`. WARNING: Enabling the admin APIs enables
+ mutating endpoints, to delete data, shutdown Prometheus, and more.
+ Enabling this should be done with care and the user is advised to
+ add additional authentication authorization via a proxy to ensure
+ only clients authorized to perform these actions can do so. For
+ more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis'
+ type: boolean
+ enforcedNamespaceLabel:
+ description: EnforcedNamespaceLabel enforces adding a namespace label
+ of origin for each alert and metric that is user created. The label
+ value will always be the namespace of the object that is being created.
type: string
- description: The labels to add to any time series or alerts when communicating
- with external systems (federation, remote storage, Alertmanager).
- type: object
- externalUrl:
- description: The external URL the Prometheus instances will be available
- under. This is necessary to generate correct URLs. This is necessary
- if Prometheus is not served from root of a DNS name.
- type: string
- ignoreNamespaceSelectors:
- description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector
- settings from the podmonitor and servicemonitor configs, and they
- will only discover endpoints within their current namespace. Defaults
- to false.
- type: boolean
- image:
- description: Image if specified has precedence over baseImage, tag and
- sha combinations. Specifying the version is still necessary to ensure
- the Prometheus Operator knows what version of Prometheus is being
- configured.
- type: string
- imagePullSecrets:
- description: An optional list of references to secrets in the same namespace
- to use for pulling prometheus and alertmanager images from registries
- see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
- items:
- description: LocalObjectReference contains enough information to let
- you locate the referenced object inside the same namespace.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
+ evaluationInterval:
+ description: Interval between consecutive evaluations.
+ type: string
+ externalLabels:
+ additionalProperties:
+ type: string
+ description: The labels to add to any time series or alerts when communicating
+ with external systems (federation, remote storage, Alertmanager).
type: object
- type: array
- initContainers:
- description: 'InitContainers allows adding initContainers to the pod
- definition. Those can be used to e.g. fetch secrets for injection
- into the Prometheus configuration from external sources. Any errors
- during the execution of an initContainer will lead to a restart of
- the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- Using initContainers for any use case other then secret fetching is
- entirely outside the scope of what the maintainers will support and
- by doing so, you accept that this behaviour may break at any time
- without notice.'
- items:
- description: A single application container that you want to run within
- a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker image''s
- CMD is used if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment. If a variable
- cannot be resolved, the reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can be escaped with a double
- $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot be
- updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell. The
- docker image''s ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ externalUrl:
+ description: The external URL the Prometheus instances will be available
+ under. This is necessary to generate correct URLs. This is necessary
+ if Prometheus is not served from root of a DNS name.
+ type: string
+ ignoreNamespaceSelectors:
+ description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector
+ settings from the podmonitor and servicemonitor configs, and they
+ will only discover endpoints within their current namespace. Defaults
+ to false.
+ type: boolean
+ image:
+ description: Image if specified has precedence over baseImage, tag
+ and sha combinations. Specifying the version is still necessary
+ to ensure the Prometheus Operator knows what version of Prometheus
+ is being configured.
+ type: string
+ imagePullSecrets:
+ description: An optional list of references to secrets in the same
+ namespace to use for pulling prometheus and alertmanager images
+ from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- type: array
- env:
- description: List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must be a
- C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in the
- container and any service environment variables. If a
- variable cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax can be
- escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
+ type: object
+ type: array
+ initContainers:
+ description: 'InitContainers allows adding initContainers to the pod
+ definition. Those can be used to e.g. fetch secrets for injection
+ into the Prometheus configuration from external sources. Any errors
+ during the execution of an initContainer will lead to a restart
+ of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ Using initContainers for any use case other then secret fetching
+ is entirely outside the scope of what the maintainers will support
+ and by doing so, you accept that this behaviour may break at any
+ time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The docker image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The docker image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previous defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, metadata.labels,
+ metadata.annotations, spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
properties:
- key:
- description: The key to select.
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
required:
- - key
+ - port
type: object
- fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, metadata.labels, metadata.annotations,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs.'
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - fieldPath
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The reason for termination is passed
+ to the handler. The Pod''s termination grace period countdown
+ begins before the PreStop hooked is executed. Regardless
+ of the outcome of the handler, the container will eventually
+ terminate within the Pod''s termination grace period.
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
type: object
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- resource:
- description: 'Required: resource to select'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
required:
- - resource
+ - port
type: object
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - key
+ - port
type: object
type: object
- required:
- - name
type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must be a
- C_IDENTIFIER. All invalid keys will be reported as an event
- when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a set of
- ConfigMaps
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- configMapRef:
- description: The ConfigMap to select from
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
type: string
- optional:
- description: Specify whether the ConfigMap must be defined
- type: boolean
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
type: object
- prefix:
- description: An optional identifier to prepend to each key
- in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- optional:
- description: Specify whether the Secret must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system should take in
- response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately after a container
- is created. If the handler fails, the container is terminated
- and restarted according to its restart policy. Other management
- of the container blocks until the hook completes. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Exposing
+ a port here gives the system additional information about
+ the network connections a container uses, but is primarily
+ informational. Not specifying a port here DOES NOT prevent
+ that port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container will be
+ accessible from the network. Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
type: object
- preStop:
- description: 'PreStop is called immediately before a container
- is terminated due to an API request or management event
- such as liveness/startup probe failure, preemption, resource
- contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed to
- the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period. Other
- management of the container blocks until the hook completes
- or until the termination grace period is reached. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ type: array
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated. More
- info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL. Each
- container in a pod must have a unique name (DNS_LABEL). Cannot
- be updated.
- type: string
- ports:
- description: List of ports to expose from the container. Exposing
- a port here gives the system additional information about the
- network connections a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from the network.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in a single
- container.
- properties:
- containerPort:
- description: Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
- hostIP:
- description: What host IP to bind the external port to.
- type: string
- hostPort:
- description: Number of port to expose on the host. If specified,
- this must be a valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort. Most containers
- do not need this.
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a pod must
- have a unique name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- readinessProbe:
- description: 'Periodic probe of container service readiness. Container
- will be removed from service endpoints if the probe fails. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ properties:
+ limits:
+ additionalProperties:
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this container. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ securityContext:
+ description: 'Security options the pod should run with. More
+ info: https://kubernetes.io/docs/concepts/policy/security-context/
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled.
type: string
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run with. More info:
- https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a
- process can gain more privileges than its parent process.
- This bool directly controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes in
- privileged containers are essentially equivalent to root
- on the host. Defaults to false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount to use
- for the containers. The default is DefaultProcMount which
- uses the container runtime defaults for readonly paths and
- masked paths. This requires the ProcMountType feature flag
- to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem.
- Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be set
- in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset or false, no
- such validation will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata if
- unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random
- SELinux context for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. This is a beta feature enabled by
+ the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
type: string
+ required:
+ - devicePath
+ - name
type: object
- windowsOptions:
- description: The Windows specific settings applied to all
- containers. If unspecified, the options from the PodSecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named
- by the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the
- GMSA credential spec to use. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence. This field is beta-level and may be
- disabled with the WindowsRunAsUserName feature flag.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed until
- this completes successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed. This can
- be used to provide different probe parameters at the beginning
- of a Pod''s lifecycle, when it might take a long time to load
- data or warm a cache, than during steady-state operation. This
- cannot be updated. This is an alpha feature enabled by the StartupProbe
- feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ name:
+ description: This must match the Name of a Volume.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
+ - mountPath
+ - name
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ listenLocal:
+ description: ListenLocal makes the Prometheus server listen on loopback,
+ so that it does not bind against the Pod IP.
+ type: boolean
+ logFormat:
+ description: Log format for Prometheus to be configured with.
+ type: string
+ logLevel:
+ description: Log level for Prometheus to be configured with.
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: Define which Nodes the Pods are scheduled on.
+ type: object
+ overrideHonorLabels:
+ description: OverrideHonorLabels if set to true overrides all user
+ configured honor_labels. If HonorLabels is set in ServiceMonitor
+ or PodMonitor to true, this overrides honor_labels to false.
+ type: boolean
+ overrideHonorTimestamps:
+ description: OverrideHonorTimestamps allows to globally enforce honoring
+ timestamps in all scrape configs.
+ type: boolean
+ paused:
+ description: When a Prometheus deployment is paused, no actions except
+ for deletion will be performed on the underlying objects.
+ type: boolean
+ podMetadata:
+ description: PodMetadata configures Labels and Annotations which are
+ propagated to the prometheus pods.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map stored
+ with a resource that may be set by external tools to store and
+ retrieve arbitrary metadata. They are not queryable and should
+ be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
- stdin:
- description: Whether this container should allocate a buffer for
- stdin in the container runtime. If this is not set, reads from
- stdin in the container will always result in EOF. Default is
- false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close the stdin
- channel after it has been opened by a single attach. When stdin
- is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container
- start, is empty until the first client attaches to stdin, and
- then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container processes that
- reads from stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s
- termination message will be written is mounted into the container''s
- filesystem. Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated by the
- node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should be populated.
- File will use the contents of terminationMessagePath to populate
- the container status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used to
+ organize and categorize (scope and select) objects. May match
+ selectors of replication controllers and services. More info:
+ http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow a
+ client to request the generation of an appropriate name automatically.
+ Name is primarily intended for creation idempotence and configuration
+ definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
- tty:
- description: Whether this container should allocate a TTY for
- itself, also requires 'stdin' to be true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices to be
- used by the container. This is a beta feature.
+ type: object
+ podMonitorNamespaceSelector:
+ description: Namespaces to be selected for PodMonitor discovery. If
+ nil, only check own namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
items:
- description: volumeDevice describes a mapping of a raw block
- device within a container.
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
properties:
- devicePath:
- description: devicePath is the path inside of the container
- that the device will be mapped to.
+ key:
+ description: key is the label key that the selector applies
+ to.
type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
required:
- - devicePath
- - name
+ - key
+ - operator
type: object
type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ podMonitorSelector:
+ description: '*Experimental* PodMonitors to be selected for target
+ discovery. *Deprecated:* if neither this nor serviceMonitorSelector
+ are specified, configuration is unmanaged.'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
items:
- description: VolumeMount describes a mounting of a Volume within
- a container.
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
properties:
- mountPath:
- description: Path within the container at which the volume
- should be mounted. Must not contain ':'.
+ key:
+ description: key is the label key that the selector applies
+ to.
type: string
- mountPropagation:
- description: mountPropagation determines how mounts are
- propagated from the host to container and the other way
- around. When not set, MountPropagationNone is used. This
- field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise
- (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which
- the container's volume should be mounted. Behaves similarly
- to SubPath but environment variable references $(VAR_NAME)
- are expanded using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and SubPath are mutually
- exclusive.
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
required:
- - mountPath
- - name
+ - key
+ - operator
type: object
type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might be
- configured in the container image. Cannot be updated.
- type: string
- required:
- - name
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
type: object
- type: array
- listenLocal:
- description: ListenLocal makes the Prometheus server listen on loopback,
- so that it does not bind against the Pod IP.
- type: boolean
- logFormat:
- description: Log format for Prometheus to be configured with.
- type: string
- logLevel:
- description: Log level for Prometheus to be configured with.
- type: string
- nodeSelector:
- additionalProperties:
+ portName:
+ description: Port name used for the pods and governing service. This
+ defaults to web
+ type: string
+ priorityClassName:
+ description: Priority class assigned to the Pods
type: string
- description: Define which Nodes the Pods are scheduled on.
- type: object
- overrideHonorLabels:
- description: OverrideHonorLabels if set to true overrides all user configured
- honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor
- to true, this overrides honor_labels to false.
- type: boolean
- overrideHonorTimestamps:
- description: OverrideHonorTimestamps allows to globally enforce honoring
- timestamps in all scrape configs.
- type: boolean
- paused:
- description: When a Prometheus deployment is paused, no actions except
- for deletion will be performed on the underlying objects.
- type: boolean
- podMetadata:
- description: PodMetadata configures Labels and Annotations which are
- propagated to the prometheus pods.
- properties:
- annotations:
- additionalProperties:
+ prometheusExternalLabelName:
+ description: Name of Prometheus external label used to denote Prometheus
+ instance name. Defaults to the value of `prometheus`. External label
+ will _not_ be added when value is set to empty string (`""`).
+ type: string
+ query:
+ description: QuerySpec defines the query command line flags when starting
+ Prometheus.
+ properties:
+ lookbackDelta:
+ description: The delta difference allowed for retrieving metrics
+ during expression evaluations.
type: string
- description: 'Annotations is an unstructured key value map stored
- with a resource that may be set by external tools to store and
- retrieve arbitrary metadata. They are not queryable and should
- be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
- type: object
- labels:
- additionalProperties:
+ maxConcurrency:
+ description: Number of concurrent queries that can be run at once.
+ format: int32
+ type: integer
+ maxSamples:
+ description: Maximum number of samples a single query can load
+ into memory. Note that queries will fail if they would load
+ more samples than this into memory, so this also limits the
+ number of samples a query can return.
+ format: int32
+ type: integer
+ timeout:
+ description: Maximum time a query may take before being aborted.
type: string
- description: 'Map of string keys and values that can be used to
- organize and categorize (scope and select) objects. May match
- selectors of replication controllers and services. More info:
- http://kubernetes.io/docs/user-guide/labels'
- type: object
- type: object
- podMonitorNamespaceSelector:
- description: Namespaces to be selected for PodMonitor discovery. If
- nil, only check own namespace.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
+ type: object
+ queryLogFile:
+ description: QueryLogFile specifies the file to which PromQL queries
+ are logged. Note that this location must be writable, and can be
+ persisted using an attached volume. Alternatively, the location
+ can be set to a stdout location such as `/dev/stdout` to log querie
+ information to the default Prometheus log stream. This is only available
+ in versions of Prometheus >= 2.16.0. For more details, see the Prometheus
+ docs (https://prometheus.io/docs/guides/query-log/)
+ type: string
+ remoteRead:
+ description: If specified, the remote_read spec. This is an experimental
+ feature, it may change in any upcoming release in a breaking way.
+ items:
+ description: RemoteReadSpec defines the remote_read configuration
+ for prometheus.
+ properties:
+ basicAuth:
+ description: BasicAuth for the URL.
+ properties:
+ password:
+ description: The secret in the service monitor namespace
+ that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ username:
+ description: The secret in the service monitor namespace
+ that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ bearerToken:
+ description: bearer token for remote read.
+ type: string
+ bearerTokenFile:
+ description: File to read bearer token for remote read.
+ type: string
+ name:
+ description: The name of the remote read queue, must be unique
+ if specified. The name is used in metrics and logging in order
+ to differentiate read configurations. Only valid in Prometheus
+ versions 2.15.0 and newer.
+ type: string
+ proxyUrl:
+ description: Optional ProxyURL
+ type: string
+ readRecent:
+ description: Whether reads should be made for queries for time
+ ranges that the local storage should have complete data for.
+ type: boolean
+ remoteTimeout:
+ description: Timeout for requests to the remote read endpoint.
+ type: string
+ requiredMatchers:
+ additionalProperties:
type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
+ description: An optional list of equality matchers which have
+ to be present in a selector to query the remote read endpoint.
+ type: object
+ tlsConfig:
+ description: TLS Config to use for remote read.
+ properties:
+ ca:
+ description: Stuct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- podMonitorSelector:
- description: '*Experimental* PodMonitors to be selected for target discovery.'
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
+ cert:
+ description: Struct containing the client cert file for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- portName:
- description: Port name used for the pods and governing service. This
- defaults to web
- type: string
- priorityClassName:
- description: Priority class assigned to the Pods
- type: string
- prometheusExternalLabelName:
- description: Name of Prometheus external label used to denote Prometheus
- instance name. Defaults to the value of `prometheus`. External label
- will _not_ be added when value is set to empty string (`""`).
- type: string
- query:
- description: QuerySpec defines the query command line flags when starting
- Prometheus.
- properties:
- lookbackDelta:
- description: The delta difference allowed for retrieving metrics
- during expression evaluations.
- type: string
- maxConcurrency:
- description: Number of concurrent queries that can be run at once.
- format: int32
- type: integer
- maxSamples:
- description: Maximum number of samples a single query can load into
- memory. Note that queries will fail if they would load more samples
- than this into memory, so this also limits the number of samples
- a query can return.
- format: int32
- type: integer
- timeout:
- description: Maximum time a query may take before being aborted.
- type: string
- type: object
- remoteRead:
- description: If specified, the remote_read spec. This is an experimental
- feature, it may change in any upcoming release in a breaking way.
- items:
- description: RemoteReadSpec defines the remote_read configuration
- for prometheus.
- properties:
- basicAuth:
- description: BasicAuth for the URL.
- properties:
- password:
- description: The secret in the service monitor namespace that
- contains the password for authentication.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- username:
- description: The secret in the service monitor namespace that
- contains the username for authentication.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- bearerToken:
- description: bearer token for remote read.
- type: string
- bearerTokenFile:
- description: File to read bearer token for remote read.
- type: string
- proxyUrl:
- description: Optional ProxyURL
- type: string
- readRecent:
- description: Whether reads should be made for queries for time
- ranges that the local storage should have complete data for.
- type: boolean
- remoteTimeout:
- description: Timeout for requests to the remote read endpoint.
- type: string
- requiredMatchers:
- additionalProperties:
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ url:
+ description: The URL of the endpoint to send samples to.
type: string
- description: An optional list of equality matchers which have
- to be present in a selector to query the remote read endpoint.
- type: object
- tlsConfig:
- description: TLS Config to use for remote read.
- properties:
- ca:
- description: Stuct containing the CA cert to use for the targets.
- properties:
- configMap:
- description: ConfigMap containing data to use for the
- targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
- required:
- - key
+ required:
+ - url
+ type: object
+ type: array
+ remoteWrite:
+ description: If specified, the remote_write spec. This is an experimental
+ feature, it may change in any upcoming release in a breaking way.
+ items:
+ description: RemoteWriteSpec defines the remote_write configuration
+ for prometheus.
+ properties:
+ basicAuth:
+ description: BasicAuth for the URL.
+ properties:
+ password:
+ description: The secret in the service monitor namespace
+ that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ username:
+ description: The secret in the service monitor namespace
+ that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ bearerToken:
+ description: File to read bearer token for remote write.
+ type: string
+ bearerTokenFile:
+ description: File to read bearer token for remote write.
+ type: string
+ name:
+ description: The name of the remote write queue, must be unique
+ if specified. The name is used in metrics and logging in order
+ to differentiate queues. Only valid in Prometheus versions
+ 2.15.0 and newer.
+ type: string
+ proxyUrl:
+ description: Optional ProxyURL
+ type: string
+ queueConfig:
+ description: QueueConfig allows tuning of the remote write queue
+ parameters.
+ properties:
+ batchSendDeadline:
+ description: BatchSendDeadline is the maximum time a sample
+ will wait in buffer.
+ type: string
+ capacity:
+ description: Capacity is the number of samples to buffer
+ per shard before we start dropping them.
+ type: integer
+ maxBackoff:
+ description: MaxBackoff is the maximum retry delay.
+ type: string
+ maxRetries:
+ description: MaxRetries is the maximum number of times to
+ retry a batch on recoverable errors.
+ type: integer
+ maxSamplesPerSend:
+ description: MaxSamplesPerSend is the maximum number of
+ samples per send.
+ type: integer
+ maxShards:
+ description: MaxShards is the maximum number of shards,
+ i.e. amount of concurrency.
+ type: integer
+ minBackoff:
+ description: MinBackoff is the initial retry delay. Gets
+ doubled for every retry.
+ type: string
+ minShards:
+ description: MinShards is the minimum number of shards,
+ i.e. amount of concurrency.
+ type: integer
+ type: object
+ remoteTimeout:
+ description: Timeout for requests to the remote write endpoint.
+ type: string
+ tlsConfig:
+ description: TLS Config to use for remote write.
+ properties:
+ ca:
+ description: Stuct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ url:
+ description: The URL of the endpoint to send samples to.
+ type: string
+ writeRelabelConfigs:
+ description: The list of remote write relabel configurations.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ required:
+ - url
+ type: object
+ type: array
+ replicaExternalLabelName:
+ description: Name of Prometheus external label used to denote replica
+ name. Defaults to the value of `prometheus_replica`. External label
+ will _not_ be added when value is set to empty string (`""`).
+ type: string
+ replicas:
+ description: Number of instances to deploy for a Prometheus deployment.
+ format: int32
+ type: integer
+ resources:
+ description: Define resources requests and limits for single Pods.
+ properties:
+ limits:
+ additionalProperties:
+ type: string
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ retention:
+ description: Time duration Prometheus shall retain data for. Default
+ is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)`
+ (milliseconds seconds minutes hours days weeks years).
+ type: string
+ retentionSize:
+ description: Maximum amount of disk space used by blocks.
+ type: string
+ routePrefix:
+ description: The route prefix Prometheus registers HTTP handlers for.
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP
+ routes of a request, and the actual ExternalURL is still true, but
+ the server serves requests under a different route prefix. For example
+ for use with `kubectl proxy`.
+ type: string
+ ruleNamespaceSelector:
+ description: Namespaces to be selected for PrometheusRules discovery.
+ If unspecified, only the same namespace as the Prometheus object
+ is in is used.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ ruleSelector:
+ description: A selector to select which PrometheusRules to mount for
+ loading alerting/recording rules from. Until (excluding) Prometheus
+ Operator v0.24.0 Prometheus Operator will migrate any legacy rule
+ ConfigMaps to PrometheusRule custom resources selected by RuleSelector.
+ Make sure it does not match any config maps that you do not want
+ to be migrated.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ rules:
+ description: /--rules.*/ command-line arguments.
+ properties:
+ alert:
+ description: /--rules.alert.*/ command-line arguments
+ properties:
+ forGracePeriod:
+ description: Minimum duration between alert and restored 'for'
+ state. This is maintained only for alerts with configured
+ 'for' time greater than grace period.
+ type: string
+ forOutageTolerance:
+ description: Max time to tolerate prometheus outage for restoring
+ 'for' state of alert.
+ type: string
+ resendDelay:
+ description: Minimum amount of time to wait before resending
+ an alert to Alertmanager.
+ type: string
+ type: object
+ type: object
+ scrapeInterval:
+ description: Interval between consecutive scrapes.
+ type: string
+ secrets:
+ description: Secrets is a list of Secrets in the same namespace as
+ the Prometheus object, which shall be mounted into the Prometheus
+ Pods. The Secrets are mounted into /etc/prometheus/secrets/<secret-name>.
+ items:
+ type: string
+ type: array
+ securityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings. This defaults to the default PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified defaults to "Always".'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID. If
+ unspecified, no groups will be added to any container.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to use to run the Prometheus Pods.
+ type: string
+ serviceMonitorNamespaceSelector:
+ description: Namespaces to be selected for ServiceMonitor discovery.
+ If nil, only check own namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ serviceMonitorSelector:
+ description: ServiceMonitors to be selected for target discovery.
+ *Deprecated:* if neither this nor podMonitorSelector are specified,
+ configuration is unmanaged.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ sha:
+ description: SHA of Prometheus container image to be deployed. Defaults
+ to the value of `version`. Similar to a tag, but the SHA explicitly
+ deploys an immutable container image. Version and Tag are ignored
+ if SHA is set.
+ type: string
+ storage:
+ description: Storage spec to specify how storage shall be used.
+ properties:
+ disableMountSubPath:
+ description: 'Deprecated: subPath usage will be disabled by default
+ in a future release, this option will become unnecessary. DisableMountSubPath
+ allows to remove any subPath usage in volume mounts.'
+ type: boolean
+ emptyDir:
+ description: 'EmptyDirVolumeSource to be used by the Prometheus
+ StatefulSets. If specified, used in place of any volumeClaimTemplate.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back this
+ directory. The default is "" which means to use the node''s
+ default medium. Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ description: 'Total amount of local storage required for this
+ EmptyDir volume. The size limit is also applicable for memory
+ medium. The maximum usage on memory medium EmptyDir would
+ be the minimum value between the SizeLimit specified here
+ and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ type: string
+ type: object
+ volumeClaimTemplate:
+ description: A PVC spec to be used by the Prometheus StatefulSets.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: EmbeddedMetadata contains metadata relevant to
+ an EmbeddedResource.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata. They
+ are not queryable and should be preserved when modifying
+ objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- required:
- - key
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be
+ used to organize and categorize (scope and select) objects.
+ May match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
type: object
+ name:
+ description: 'Name must be unique within a namespace.
+ Is required when creating resources, although some resources
+ may allow a client to request the generation of an appropriate
+ name automatically. Name is primarily intended for creation
+ idempotence and configuration definition. Cannot be
+ updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
type: object
- caFile:
- description: Path to the CA cert in the Prometheus container
- to use for the targets.
- type: string
- cert:
- description: Struct containing the client cert file for the
- targets.
+ spec:
+ description: 'Spec defines the desired characteristics of
+ a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
- configMap:
- description: ConfigMap containing data to use for the
- targets.
+ accessModes:
+ description: 'AccessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot
+ - Beta) * An existing PVC (PersistentVolumeClaim) *
+ An existing custom resource/object that implements data
+ population (Alpha) In order to use VolumeSnapshot object
+ types, the appropriate feature gate must be enabled
+ (VolumeSnapshotDataSource or AnyVolumeDataSource) If
+ the provisioner or an external controller can support
+ the specified data source, it will create a new volume
+ based on the contents of the specified data source.
+ If the specified data source is not supported, the volume
+ will not be created and the failure will be reported
+ as an event. In the future, we plan to support more
+ data source types and the behavior of the provisioner
+ may change.'
properties:
- key:
- description: The key to select.
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: Name is the name of resource being referenced
type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
required:
- - key
+ - kind
+ - name
type: object
- secret:
- description: Secret containing data to use for the targets.
+ resources:
+ description: 'Resources represents the minimum resources
+ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- required:
- - key
+ limits:
+ additionalProperties:
+ type: string
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
type: object
- type: object
- certFile:
- description: Path to the client cert file in the Prometheus
- container for the targets.
- type: string
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keyFile:
- description: Path to the client key file in the Prometheus
- container for the targets.
- type: string
- keySecret:
- description: Secret containing the client key file for the
- targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
- type: object
- url:
- description: The URL of the endpoint to send samples to.
- type: string
- required:
- - url
- type: object
- type: array
- remoteWrite:
- description: If specified, the remote_write spec. This is an experimental
- feature, it may change in any upcoming release in a breaking way.
- items:
- description: RemoteWriteSpec defines the remote_write configuration
- for prometheus.
- properties:
- basicAuth:
- description: BasicAuth for the URL.
- properties:
- password:
- description: The secret in the service monitor namespace that
- contains the password for authentication.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ selector:
+ description: A label query over volumes to consider for
+ binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required by the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference to the
+ PersistentVolume backing this claim.
type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
type: object
- username:
- description: The secret in the service monitor namespace that
- contains the username for authentication.
+ status:
+ description: 'Status represents the current information/status
+ of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ accessModes:
+ description: 'AccessModes contains the actual access modes
+ the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ capacity:
+ additionalProperties:
+ type: string
+ description: Represents the actual resources of the underlying
+ volume.
+ type: object
+ conditions:
+ description: Current Condition of persistent volume claim.
+ If underlying persistent volume is being resized then
+ the Condition will be set to 'ResizeStarted'.
+ items:
+ description: PersistentVolumeClaimCondition contails
+ details about state of pvc
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned
+ from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: Human-readable message indicating details
+ about last transition.
+ type: string
+ reason:
+ description: Unique, this should be a short, machine
+ understandable string that gives the reason for
+ condition's last transition. If it reports "ResizeStarted"
+ that means the underlying persistent volume is
+ being resized.
+ type: string
+ status:
+ type: string
+ type:
+ description: PersistentVolumeClaimConditionType
+ is a valid value of PersistentVolumeClaimCondition.Type
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ phase:
+ description: Phase represents the current phase of PersistentVolumeClaim.
type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
type: object
type: object
- bearerToken:
- description: File to read bearer token for remote write.
- type: string
- bearerTokenFile:
- description: File to read bearer token for remote write.
- type: string
- proxyUrl:
- description: Optional ProxyURL
- type: string
- queueConfig:
- description: QueueConfig allows tuning of the remote write queue
- parameters.
- properties:
- batchSendDeadline:
- description: BatchSendDeadline is the maximum time a sample
- will wait in buffer.
- type: string
- capacity:
- description: Capacity is the number of samples to buffer per
- shard before we start dropping them.
- type: integer
- maxBackoff:
- description: MaxBackoff is the maximum retry delay.
- type: string
- maxRetries:
- description: MaxRetries is the maximum number of times to
- retry a batch on recoverable errors.
- type: integer
- maxSamplesPerSend:
- description: MaxSamplesPerSend is the maximum number of samples
- per send.
- type: integer
- maxShards:
- description: MaxShards is the maximum number of shards, i.e.
- amount of concurrency.
- type: integer
- minBackoff:
- description: MinBackoff is the initial retry delay. Gets doubled
- for every retry.
- type: string
- minShards:
- description: MinShards is the minimum number of shards, i.e.
- amount of concurrency.
- type: integer
- type: object
- remoteTimeout:
- description: Timeout for requests to the remote write endpoint.
+ type: object
+ tag:
+ description: Tag of Prometheus container image to be deployed. Defaults
+ to the value of `version`. Version is ignored if Tag is set.
+ type: string
+ thanos:
+ description: "Thanos configuration allows configuring various aspects
+ of a Prometheus server in a Thanos environment. \n This section
+ is experimental, it may change significantly without deprecation
+ notice in any release. \n This is experimental and may change significantly
+ without backward compatibility in any release."
+ properties:
+ baseImage:
+ description: Thanos base image if other than default.
type: string
- tlsConfig:
- description: TLS Config to use for remote write.
+ grpcServerTlsConfig:
+ description: 'GRPCServerTLSConfig configures the gRPC server from
+ which Thanos Querier reads recorded rule data. Note: Currently
+ only the CAFile, CertFile, and KeyFile fields are supported.
+ Maps to the ''--grpc-server-tls-*'' CLI args.'
properties:
ca:
description: Stuct containing the CA cert to use for the targets.
@@ -3816,2188 +4746,1426 @@ spec:
description: Used to verify the hostname for the targets.
type: string
type: object
- url:
- description: The URL of the endpoint to send samples to.
+ image:
+ description: Image if specified has precedence over baseImage,
+ tag and sha combinations. Specifying the version is still necessary
+ to ensure the Prometheus Operator knows what version of Thanos
+ is being configured.
type: string
- writeRelabelConfigs:
- description: The list of remote write relabel configurations.
- items:
- description: 'RelabelConfig allows dynamic rewriting of the
- label set, being applied to samples before ingestion. It defines
- `<metric_relabel_configs>`-section of Prometheus configuration.
- More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
- properties:
- action:
- description: Action to perform based on regex matching.
- Default is 'replace'
- type: string
- modulus:
- description: Modulus to take of the hash of the source label
- values.
- format: int64
- type: integer
- regex:
- description: Regular expression against which the extracted
- value is matched. Default is '(.*)'
- type: string
- replacement:
- description: Replacement value against which a regex replace
- is performed if the regular expression matches. Regex
- capture groups are available. Default is '$1'
- type: string
- separator:
- description: Separator placed between concatenated source
- label values. default is ';'.
- type: string
- sourceLabels:
- description: The source labels select values from existing
- labels. Their content is concatenated using the configured
- separator and matched against the configured regular expression
- for the replace, keep, and drop actions.
- items:
- type: string
- type: array
- targetLabel:
- description: Label to which the resulting value is written
- in a replace action. It is mandatory for replace actions.
- Regex capture groups are available.
- type: string
- type: object
- type: array
- required:
- - url
- type: object
- type: array
- replicaExternalLabelName:
- description: Name of Prometheus external label used to denote replica
- name. Defaults to the value of `prometheus_replica`. External label
- will _not_ be added when value is set to empty string (`""`).
- type: string
- replicas:
- description: Number of instances to deploy for a Prometheus deployment.
- format: int32
- type: integer
- resources:
- description: Define resources requests and limits for single Pods.
- properties:
- limits:
- additionalProperties:
+ listenLocal:
+ description: ListenLocal makes the Thanos sidecar listen on loopback,
+ so that it does not bind against the Pod IP.
+ type: boolean
+ logFormat:
+ description: LogFormat for Thanos sidecar to be configured with.
type: string
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
+ logLevel:
+ description: LogLevel for Thanos sidecar to be configured with.
type: string
- description: 'Requests describes the minimum amount of compute resources
- required. If Requests is omitted for a container, it defaults
- to Limits if that is explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- retention:
- description: Time duration Prometheus shall retain data for. Default
- is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)`
- (milliseconds seconds minutes hours days weeks years).
- type: string
- retentionSize:
- description: Maximum amount of disk space used by blocks.
- type: string
- routePrefix:
- description: The route prefix Prometheus registers HTTP handlers for.
- This is useful, if using ExternalURL and a proxy is rewriting HTTP
- routes of a request, and the actual ExternalURL is still true, but
- the server serves requests under a different route prefix. For example
- for use with `kubectl proxy`.
- type: string
- ruleNamespaceSelector:
- description: Namespaces to be selected for PrometheusRules discovery.
- If unspecified, only the same namespace as the Prometheus object is
- in is used.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
+ objectStorageConfig:
+ description: ObjectStorageConfig configures object storage in
+ Thanos.
properties:
key:
- description: key is the label key that the selector applies
- to.
+ description: The key of the secret to select from. Must be
+ a valid secret key.
type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
required:
- key
- - operator
type: object
- type: array
- matchLabels:
- additionalProperties:
+ resources:
+ description: Resources defines the resource requirements for the
+ Thanos sidecar. If not provided, no requests/limits will be
+ set
+ properties:
+ limits:
+ additionalProperties:
+ type: string
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ sha:
+ description: SHA of Thanos container image to be deployed. Defaults
+ to the value of `version`. Similar to a tag, but the SHA explicitly
+ deploys an immutable container image. Version and Tag are ignored
+ if SHA is set.
type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- ruleSelector:
- description: A selector to select which PrometheusRules to mount for
- loading alerting rules from. Until (excluding) Prometheus Operator
- v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps
- to PrometheusRule custom resources selected by RuleSelector. Make
- sure it does not match any config maps that you do not want to be
- migrated.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
+ tag:
+ description: Tag of Thanos sidecar container image to be deployed.
+ Defaults to the value of `version`. Version is ignored if Tag
+ is set.
+ type: string
+ tracingConfig:
+ description: TracingConfig configures tracing in Thanos. This
+ is an experimental feature, it may change in any upcoming release
+ in a breaking way.
properties:
key:
- description: key is the label key that the selector applies
- to.
+ description: The key of the secret to select from. Must be
+ a valid secret key.
type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
required:
- key
- - operator
type: object
- type: array
- matchLabels:
- additionalProperties:
+ version:
+ description: Version describes the version of Thanos to use.
type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- rules:
- description: /--rules.*/ command-line arguments.
- properties:
- alert:
- description: /--rules.alert.*/ command-line arguments
+ type: object
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
properties:
- forGracePeriod:
- description: Minimum duration between alert and restored 'for'
- state. This is maintained only for alerts with configured
- 'for' time greater than grace period.
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
type: string
- forOutageTolerance:
- description: Max time to tolerate prometheus outage for restoring
- 'for' state of alert.
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
type: string
- resendDelay:
- description: Minimum amount of time to wait before resending
- an alert to Alertmanager.
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
type: string
type: object
- type: object
- scrapeInterval:
- description: Interval between consecutive scrapes.
- type: string
- secrets:
- description: Secrets is a list of Secrets in the same namespace as the
- Prometheus object, which shall be mounted into the Prometheus Pods.
- The Secrets are mounted into /etc/prometheus/secrets/<secret-name>.
- items:
+ type: array
+ version:
+ description: Version of Prometheus to be deployed.
type: string
- type: array
- securityContext:
- description: SecurityContext holds pod-level security attributes and
- common container settings. This defaults to the default PodSecurityContext.
- properties:
- fsGroup:
- description: "A special supplemental group that applies to all containers
- in a pod. Some volume types allow the Kubelet to change the ownership
- of that volume to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files created in
- the volume will be owned by FSGroup) 3. The permission bits are
- OR'd with rw-rw---- \n If unset, the Kubelet will not modify the
- ownership and permissions of any volume."
- format: int64
- type: integer
- runAsGroup:
- description: The GID to run the entrypoint of the container process.
- Uses runtime default if unset. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for that container.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail to start
- the container if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If set
- in both SecurityContext and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container process.
- Defaults to user specified in image metadata if unspecified. May
- also be set in SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to all containers.
- If unspecified, the container runtime will allocate a random SELinux
- context for each container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for that container.
+ volumeMounts:
+ description: VolumeMounts allows configuration of additional VolumeMounts
+ on the output StatefulSet definition. VolumeMounts specified will
+ be appended to other VolumeMounts in the prometheus container, that
+ are generated as a result of StorageSpec objects.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
properties:
- level:
- description: Level is SELinux level label that applies to the
- container.
- type: string
- role:
- description: Role is a SELinux role label that applies to the
- container.
+ mountPath:
+ description: Path within the container at which the volume should
+ be mounted. Must not contain ':'.
type: string
- type:
- description: Type is a SELinux type label that applies to the
- container.
+ mountPropagation:
+ description: mountPropagation determines how mounts are propagated
+ from the host to container and the other way around. When
+ not set, MountPropagationNone is used. This field is beta
+ in 1.10.
type: string
- user:
- description: User is a SELinux user label that applies to the
- container.
- type: string
- type: object
- supplementalGroups:
- description: A list of groups applied to the first process run in
- each container, in addition to the container's primary GID. If
- unspecified, no groups will be added to any container.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls used for
- the pod. Pods with unsupported sysctls (by the container runtime)
- might fail to launch.
- items:
- description: Sysctl defines a kernel parameter to be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied to all containers.
- If unspecified, the options within a container's SecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named by
- the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ name:
+ description: This must match the Name of a Volume.
type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the GMSA
- credential spec to use. This field is alpha-level and is only
- honored by servers that enable the WindowsGMSA feature flag.
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint of
- the container process. Defaults to the user specified in image
- metadata if unspecified. May also be set in PodSecurityContext.
- If set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence. This
- field is beta-level and may be disabled with the WindowsRunAsUserName
- feature flag.
+ subPathExpr:
+ description: Expanded path within the volume from which the
+ container's volume should be mounted. Behaves similarly to
+ SubPath but environment variable references $(VAR_NAME) are
+ expanded using the container's environment. Defaults to ""
+ (volume's root). SubPathExpr and SubPath are mutually exclusive.
type: string
+ required:
+ - mountPath
+ - name
type: object
- type: object
- serviceAccountName:
- description: ServiceAccountName is the name of the ServiceAccount to
- use to run the Prometheus Pods.
- type: string
- serviceMonitorNamespaceSelector:
- description: Namespaces to be selected for ServiceMonitor discovery.
- If nil, only check own namespace.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
+ type: array
+ volumes:
+ description: Volumes allows configuration of additional volumes on
+ the output StatefulSet definition. Volumes specified will be appended
+ to other volumes that are generated as a result of StorageSpec objects.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- serviceMonitorSelector:
- description: ServiceMonitors to be selected for target discovery.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify the
+ partition as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the default
+ is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- sha:
- description: SHA of Prometheus container image to be deployed. Defaults
- to the value of `version`. Similar to a tag, but the SHA explicitly
- deploys an immutable container image. Version and Tag are ignored
- if SHA is set.
- type: string
- storage:
- description: Storage spec to specify how storage shall be used.
- properties:
- emptyDir:
- description: 'EmptyDirVolumeSource to be used by the Prometheus
- StatefulSets. If specified, used in place of any volumeClaimTemplate.
- More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
- properties:
- medium:
- description: 'What type of storage medium should back this directory.
- The default is "" which means to use the node''s default medium.
- Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- description: 'Total amount of local storage required for this
- EmptyDir volume. The size limit is also applicable for memory
- medium. The maximum usage on memory medium EmptyDir would
- be the minimum value between the SizeLimit specified here
- and the sum of memory limits of all containers in a pod. The
- default is nil which means that the limit is undefined. More
- info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- type: string
- type: object
- volumeClaimTemplate:
- description: A PVC spec to be used by the Prometheus StatefulSets.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this
- representation of an object. Servers should convert recognized
- schemas to the latest internal value, and may reject unrecognized
- values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource
- this object represents. Servers may infer this from the endpoint
- the client submits requests to. Cannot be updated. In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob disks
+ per storage account Dedicated: single blob disk per storage
+ account Managed: azure managed data disk (only in managed
+ availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure Storage
+ Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
type: object
- spec:
- description: 'Spec defines the desired characteristics of a
- volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
properties:
- accessModes:
- description: 'AccessModes contains the desired access modes
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ monitors:
+ description: 'Required: Monitors is a collection of Ceph
+ monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
- dataSource:
- description: This field requires the VolumeSnapshotDataSource
- alpha feature gate to be enabled and currently VolumeSnapshot
- is the only supported data source. If the provisioner
- can support VolumeSnapshot data source, it will create
- a new volume and data will be restored to the volume at
- the same time. If the provisioner does not support VolumeSnapshot
- data source, volume will not be created and the failure
- will be reported as an event. In the future, we plan to
- support more data source types and the behavior of the
- provisioner may change.
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key ring
+ for User, default is /etc/ceph/user.secret More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the authentication
+ secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
- apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified, the
- specified Kind must be in the core API group. For
- any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
name:
- description: Name is the name of resource being referenced
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- required:
- - kind
- - name
type: object
- resources:
- description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ user:
+ description: 'Optional: User is the rados user name, default
+ is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
properties:
- limits:
- additionalProperties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in the
+ Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
type: string
- description: 'Limits describes the maximum amount of
- compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map
+ the key to. May not be an absolute path. May not
+ contain the path element '..'. May not start with
+ the string '..'.
type: string
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is omitted
- for a container, it defaults to Limits if that is
- explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys must
+ be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents storage
+ that is handled by an external CSI driver (Alpha feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed to
+ the associated CSI driver which will determine the default
+ filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
type: object
- selector:
- description: A label query over volumes to consider for
- binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ readOnly:
+ description: Specifies a read-only configuration for the
+ volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
properties:
- key:
- description: key is the label key that the selector
- applies to.
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be empty.
- This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
required:
- - key
- - operator
+ - fieldPath
type: object
- type: array
- matchLabels:
- additionalProperties:
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
- type: object
- type: object
- storageClassName:
- description: 'Name of the StorageClass required by the claim.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines what type of volume is required
- by the claim. Value of Filesystem is implied when not
- included in claim spec. This is a beta feature.
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back this
+ directory. The default is "" which means to use the node''s
+ default medium. Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
- volumeName:
- description: VolumeName is the binding reference to the
- PersistentVolume backing this claim.
+ sizeLimit:
+ description: 'Total amount of local storage required for
+ this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the limit
+ is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
type: string
type: object
- status:
- description: 'Status represents the current information/status
- of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ fc:
+ description: FC represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
properties:
- accessModes:
- description: 'AccessModes contains the actual access modes
- the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
items:
type: string
type: array
- capacity:
- additionalProperties:
- type: string
- description: Represents the actual resources of the underlying
- volume.
- type: object
- conditions:
- description: Current Condition of persistent volume claim.
- If underlying persistent volume is being resized then
- the Condition will be set to 'ResizeStarted'.
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
items:
- description: PersistentVolumeClaimCondition contails details
- about state of pvc
- properties:
- lastProbeTime:
- description: Last time we probed the condition.
- format: date-time
- type: string
- lastTransitionTime:
- description: Last time the condition transitioned
- from one status to another.
- format: date-time
- type: string
- message:
- description: Human-readable message indicating details
- about last transition.
- type: string
- reason:
- description: Unique, this should be a short, machine
- understandable string that gives the reason for
- condition's last transition. If it reports "ResizeStarted"
- that means the underlying persistent volume is being
- resized.
- type: string
- status:
- type: string
- type:
- description: PersistentVolumeClaimConditionType is
- a valid value of PersistentVolumeClaimCondition.Type
- type: string
- required:
- - status
- - type
- type: object
+ type: string
type: array
- phase:
- description: Phase represents the current phase of PersistentVolumeClaim.
- type: string
type: object
- type: object
- type: object
- tag:
- description: Tag of Prometheus container image to be deployed. Defaults
- to the value of `version`. Version is ignored if Tag is set.
- type: string
- thanos:
- description: "Thanos configuration allows configuring various aspects
- of a Prometheus server in a Thanos environment. \n This section is
- experimental, it may change significantly without deprecation notice
- in any release. \n This is experimental and may change significantly
- without backward compatibility in any release."
- properties:
- baseImage:
- description: Thanos base image if other than default.
- type: string
- grpcServerTlsConfig:
- description: 'GRPCServerTLSConfig configures the gRPC server from
- which Thanos Querier reads recorded rule data. Note: Currently
- only the CAFile, CertFile, and KeyFile fields are supported. Maps
- to the ''--grpc-server-tls-*'' CLI args.'
- properties:
- ca:
- description: Stuct containing the CA cert to use for the targets.
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its key
- must be defined
- type: boolean
- required:
- - key
+ driver:
+ description: Driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
type: object
- secret:
- description: Secret containing data to use for the targets.
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the secret
+ object containing sensitive information to pass to the
+ plugin scripts. This may be empty if no secret object
+ is specified. If the secret object contains more than
+ one secret, all secrets are passed to the plugin scripts.'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
type: object
+ required:
+ - driver
type: object
- caFile:
- description: Path to the CA cert in the Prometheus container
- to use for the targets.
- type: string
- cert:
- description: Struct containing the client cert file for the
- targets.
+ flocker:
+ description: Flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
+ datasetName:
+ description: Name of the dataset stored as metadata -> name
+ on the dataset for Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
type: object
- certFile:
- description: Path to the client cert file in the Prometheus
- container for the targets.
- type: string
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keyFile:
- description: Path to the client key file in the Prometheus container
- for the targets.
- type: string
- keySecret:
- description: Secret containing the client key file for the targets.
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify the
+ partition as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE. Used
+ to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
required:
- - key
+ - pdName
type: object
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
- type: object
- image:
- description: Image if specified has precedence over baseImage, tag
- and sha combinations. Specifying the version is still necessary
- to ensure the Prometheus Operator knows what version of Thanos
- is being configured.
- type: string
- listenLocal:
- description: ListenLocal makes the Thanos sidecar listen on loopback,
- so that it does not bind against the Pod IP.
- type: boolean
- objectStorageConfig:
- description: ObjectStorageConfig configures object storage in Thanos.
- properties:
- key:
- description: The key of the secret to select from. Must be
- a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- resources:
- description: Resources defines the resource requirements for the
- Thanos sidecar. If not provided, no requests/limits will be set
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain or
+ start with '..'. If '.' is supplied, the volume directory
+ will be the git repository. Otherwise, if specified,
+ the volume will contain the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
type: object
- requests:
- additionalProperties:
- type: string
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
type: object
- type: object
- sha:
- description: SHA of Thanos container image to be deployed. Defaults
- to the value of `version`. Similar to a tag, but the SHA explicitly
- deploys an immutable container image. Version and Tag are ignored
- if SHA is set.
- type: string
- tag:
- description: Tag of Thanos sidecar container image to be deployed.
- Defaults to the value of `version`. Version is ignored if Tag
- is set.
- type: string
- tracingConfig:
- description: TracingConfig configures tracing in Thanos. This is
- an experimental feature, it may change in any upcoming release
- in a breaking way.
- properties:
- key:
- description: The key of the secret to select from. Must be
- a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- version:
- description: Version describes the version of Thanos to use.
- type: string
- type: object
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to tolerates any
- taint that matches the triple <key,value,effect> using the matching
- operator <operator>.
- properties:
- effect:
- description: Effect indicates the taint effect to match. Empty
- means match all taint effects. When specified, allowed values
- are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty, operator
- must be Exists; this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal. Exists
- is equivalent to wildcard for value, so that a pod can tolerate
- all taints of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period of time the
- toleration (which must be of effect NoExecute, otherwise this
- field is ignored) tolerates the taint. By default, it is not
- set, which means tolerate the taint forever (do not evict).
- Zero and negative values will be treated as 0 (evict immediately)
- by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise
- just a regular string.
- type: string
- type: object
- type: array
- version:
- description: Version of Prometheus to be deployed.
- type: string
- volumeMounts:
- description: VolumeMounts allows configuration of additional VolumeMounts
- on the output StatefulSet definition. VolumeMounts specified will
- be appended to other VolumeMounts in the prometheus container, that
- are generated as a result of StorageSpec objects.
- items:
- description: VolumeMount describes a mounting of a Volume within a
- container.
- properties:
- mountPath:
- description: Path within the container at which the volume should
- be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts are propagated
- from the host to container and the other way around. When not
- set, MountPropagationNone is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise (false
- or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which the container's
- volume should be mounted. Behaves similarly to SubPath but environment
- variable references $(VAR_NAME) are expanded using the container's
- environment. Defaults to "" (volume's root). SubPathExpr and
- SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- volumes:
- description: Volumes allows configuration of additional volumes on the
- output StatefulSet definition. Volumes specified will be appended
- to other volumes that are generated as a result of StorageSpec objects.
- items:
- description: Volume represents a named volume in a pod that may be
- accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an AWS Disk resource
- that is attached to a kubelet''s host machine and then exposed
- to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- partition:
- description: 'The partition in the volume that you want to
- mount. If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for /dev/sda is
- "0" (or you can leave the property empty).'
- format: int32
- type: integer
- readOnly:
- description: 'Specify "true" to force and set the ReadOnly
- property in VolumeMounts to "true". If omitted, the default
- is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: boolean
- volumeID:
- description: 'Unique ID of the persistent disk resource in
- AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: AzureDisk represents an Azure Data Disk mount on
- the host and bind mount to the pod.
- properties:
- cachingMode:
- description: 'Host Caching mode: None, Read Only, Read Write.'
- type: string
- diskName:
- description: The Name of the data disk in the blob storage
- type: string
- diskURI:
- description: The URI the data disk in the blob storage
- type: string
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- kind:
- description: 'Expected values Shared: multiple blob disks
- per storage account Dedicated: single blob disk per storage
- account Managed: azure managed data disk (only in managed
- availability set). defaults to shared'
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: AzureFile represents an Azure File Service mount
- on the host and bind mount to the pod.
- properties:
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: the name of secret that contains Azure Storage
- Account Name and Key
- type: string
- shareName:
- description: Share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: CephFS represents a Ceph FS mount on the host that
- shares a pod's lifetime
- properties:
- monitors:
- description: 'Required: Monitors is a collection of Ceph monitors
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- items:
+ hostPath:
+ description: 'HostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
- type: array
- path:
- description: 'Optional: Used as the mounted root, rather than
- the full Ceph tree, default is /'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts. More
- info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: boolean
- secretFile:
- description: 'Optional: SecretFile is the path to key ring
- for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- secretRef:
- description: 'Optional: SecretRef is reference to the authentication
- secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- user:
- description: 'Optional: User is the rados user name, default
- is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: 'Cinder represents a cinder volume attached and mounted
- on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- properties:
- fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts. More
- info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: boolean
- secretRef:
- description: 'Optional: points to a secret object containing
- parameters used to connect to OpenStack.'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ type:
+ description: 'Type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new iSCSI
+ interface <target portal>:<volume name> will be created
+ for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ items:
type: string
- type: object
- volumeID:
- description: 'volume id used to identify the volume in cinder.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: ConfigMap represents a configMap that should populate
- this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value pair in the Data
- field of the referenced ConfigMap will be projected into
- the volume as a file whose name is the key and content is
- the value. If specified, the listed keys will be projected
- into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the
- ConfigMap, the volume setup will error unless it is marked
- optional. Paths must be relative and may not contain the
- '..' path or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the
- key to. May not be an absolute path. May not contain
- the path element '..'. May not start with the string
- '..'.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- required:
- - key
- - path
type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its keys must
- be defined
- type: boolean
- type: object
- csi:
- description: CSI (Container Storage Interface) represents storage
- that is handled by an external CSI driver (Alpha feature).
- properties:
- driver:
- description: Driver is the name of the CSI driver that handles
- this volume. Consult with your admin for the correct name
- as registered in the cluster.
- type: string
- fsType:
- description: Filesystem type to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is passed to the
- associated CSI driver which will determine the default filesystem
- to apply.
- type: string
- nodePublishSecretRef:
- description: NodePublishSecretRef is a reference to the secret
- object containing sensitive information to pass to the CSI
- driver to complete the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be empty if no secret
- is required. If the secret object contains more than one
- secret, all secret references are passed.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- readOnly:
- description: Specifies a read-only configuration for the volume.
- Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either an
+ IP or ip_addr:port if the port is other than default (typically
+ TCP ports 860 and 3260).
type: string
- description: VolumeAttributes stores driver-specific properties
- that are passed to the CSI driver. Consult your driver's
- documentation for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: DownwardAPI represents downward API about the pod
- that should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: Items is a list of downward API volume file
- items:
- description: DownwardAPIVolumeFile represents information
- to create the file containing the pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of the pod:
- only annotations, labels, name and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative path name
- of the file to be created. Must not be absolute or
- contain the ''..'' path. Must be utf-8 encoded. The
- first item of the relative path must not start with
- ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are currently supported.'
- properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
- type: string
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: 'EmptyDir represents a temporary directory that shares
- a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- properties:
- medium:
- description: 'What type of storage medium should back this
- directory. The default is "" which means to use the node''s
- default medium. Must be an empty string (default) or Memory.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- description: 'Total amount of local storage required for this
- EmptyDir volume. The size limit is also applicable for memory
- medium. The maximum usage on memory medium EmptyDir would
- be the minimum value between the SizeLimit specified here
- and the sum of memory limits of all containers in a pod.
- The default is nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- type: string
- type: object
- fc:
- description: FC represents a Fibre Channel resource that is attached
- to a kubelet's host machine and then exposed to the pod.
- properties:
- fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- lun:
- description: 'Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.'
- type: boolean
- targetWWNs:
- description: 'Optional: FC target worldwide names (WWNs)'
- items:
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
- type: array
- wwids:
- description: 'Optional: FC volume world wide identifiers (wwids)
- Either wwids or combination of targetWWNs and lun must be
- set, but not both simultaneously.'
- items:
+ readOnly:
+ description: 'ReadOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
- type: array
- type: object
- flexVolume:
- description: FlexVolume represents a generic volume resource that
- is provisioned/attached using an exec based plugin.
- properties:
- driver:
- description: Driver is the name of the driver to use for this
- volume.
- type: string
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends on FlexVolume
- script.
- type: string
- options:
- additionalProperties:
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
- description: 'Optional: Extra command options if any.'
- type: object
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.'
- type: boolean
- secretRef:
- description: 'Optional: SecretRef is reference to the secret
- object containing sensitive information to pass to the plugin
- scripts. This may be empty if no secret object is specified.
- If the secret object contains more than one secret, all
- secrets are passed to the plugin scripts.'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- required:
- - driver
- type: object
- flocker:
- description: Flocker represents a Flocker volume attached to a
- kubelet's host machine. This depends on the Flocker control
- service being running
- properties:
- datasetName:
- description: Name of the dataset stored as metadata -> name
- on the dataset for Flocker should be considered as deprecated
- type: string
- datasetUUID:
- description: UUID of the dataset. This is unique identifier
- of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE Disk resource
- that is attached to a kubelet''s host machine and then exposed
- to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- partition:
- description: 'The partition in the volume that you want to
- mount. If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for /dev/sda is
- "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: 'Unique name of the PD resource in GCE. Used
- to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: 'GitRepo represents a git repository at a particular
- revision. DEPRECATED: GitRepo is deprecated. To provision a
- container with a git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the EmptyDir into
- the Pod''s container.'
- properties:
- directory:
- description: Target directory name. Must not contain or start
- with '..'. If '.' is supplied, the volume directory will
- be the git repository. Otherwise, if specified, the volume
- will contain the git repository in the subdirectory with
- the given name.
- type: string
- repository:
- description: Repository URL
- type: string
- revision:
- description: Commit hash for the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: 'Glusterfs represents a Glusterfs mount on the host
- that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
- properties:
- endpoints:
- description: 'EndpointsName is the endpoint name that details
- Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- path:
- description: 'Path is the Glusterfs volume path. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- readOnly:
- description: 'ReadOnly here will force the Glusterfs volume
- to be mounted with read-only permissions. Defaults to false.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: 'HostPath represents a pre-existing file or directory
- on the host machine that is directly exposed to the container.
- This is generally used for system agents or other privileged
- things that are allowed to see the host machine. Most containers
- will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can use host directory
- mounts and who can/can not mount host directories as read/write.'
- properties:
- path:
- description: 'Path of the directory on the host. If the path
- is a symlink, it will follow the link to the real path.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- type:
- description: 'Type for HostPath Volume Defaults to "" More
- info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: 'ISCSI represents an ISCSI Disk resource that is
- attached to a kubelet''s host machine and then exposed to the
- pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
- properties:
- chapAuthDiscovery:
- description: whether support iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: whether support iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- initiatorName:
- description: Custom iSCSI Initiator Name. If initiatorName
- is specified with iscsiInterface simultaneously, new iSCSI
- interface <target portal>:<volume name> will be created
- for the connection.
- type: string
- iqn:
- description: Target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iSCSI Interface Name that uses an iSCSI transport.
- Defaults to 'default' (tcp).
- type: string
- lun:
- description: iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: iSCSI Target Portal List. The portal is either
- an IP or ip_addr:port if the port is other than default
- (typically TCP ports 860 and 3260).
- items:
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
- type: array
- readOnly:
- description: ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: CHAP Secret for iSCSI target and initiator authentication
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- targetPortal:
- description: iSCSI Target Portal. The Portal is either an
- IP or ip_addr:port if the port is other than default (typically
- TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: 'Volume''s name. Must be a DNS_LABEL and unique within
- the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- nfs:
- description: 'NFS represents an NFS mount on the host that shares
- a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'Path that is exported by the NFS server. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'ReadOnly here will force the NFS export to be
- mounted with read-only permissions. Defaults to false. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'Server is the hostname or IP address of the
- NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource represents a reference
- to a PersistentVolumeClaim in the same namespace. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this volume. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: Will force the ReadOnly setting in VolumeMounts.
- Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: ID that identifies Photon Controller persistent
- disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: PortworxVolume represents a portworx volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: FSType represents the filesystem type to mount
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: VolumeID uniquely identifies a Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: Items for all in one resources secrets, configmaps,
- and downward API
- properties:
- defaultMode:
- description: Mode bits to use on created files by default.
- Must be a value between 0 and 0777. Directories within the
- path are not affected by this setting. This might be in
- conflict with other options that affect the file mode, like
- fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: list of volume projections
- items:
- description: Projection that may be projected along with
- other supported volume types
- properties:
- configMap:
- description: information about the configMap data to
- project
- properties:
- items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced ConfigMap
- will be projected into the volume as a file whose
- name is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present.
- If a key is specified which is not present in
- the ConfigMap, the volume setup will error unless
- it is marked optional. Paths must be relative
- and may not contain the '..' path or start with
- '..'.
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits to use on created files by default.
+ Must be a value between 0 and 0777. Directories within
+ the path are not affected by this setting. This might
+ be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits
+ set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its
- keys must be defined
- type: boolean
- type: object
- downwardAPI:
- description: information about the downwardAPI data
- to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
+ description: If unspecified, each key-value pair
+ in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file
+ to map the key to. May not be an absolute
+ path. May not contain the path element
+ '..'. May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI data
+ to project
+ properties:
items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing the
- pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of
- the pod: only annotations, labels, name
- and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative
- path name of the file to be created. Must
- not be absolute or contain the ''..'' path.
- Must be utf-8 encoded. The first item of
- the relative path must not start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, requests.cpu and requests.memory)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- type: string
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: information about the secret data to project
- properties:
- items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced Secret will
- be projected into the volume as a file whose name
- is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present.
- If a key is specified which is not present in
- the Secret, the volume setup will error unless
- it is marked optional. Paths must be relative
- and may not contain the '..' path or start with
- '..'.
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ type: string
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data to
+ project
+ properties:
items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- type: object
- serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
- properties:
- audience:
- description: Audience is the intended audience of
- the token. A recipient of a token must identify
- itself with an identifier specified in the audience
- of the token, and otherwise should reject the
- token. The audience defaults to the identifier
- of the apiserver.
- type: string
- expirationSeconds:
- description: ExpirationSeconds is the requested
- duration of validity of the service account token.
- As the token approaches expiration, the kubelet
- volume plugin will proactively rotate the service
- account token. The kubelet will start trying to
- rotate the token if the token is older than 80
- percent of its time to live or if the token is
- older than 24 hours.Defaults to 1 hour and must
- be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: Path is the path relative to the mount
- point of the file to project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- required:
- - sources
- type: object
- quobyte:
- description: Quobyte represents a Quobyte mount on the host that
- shares a pod's lifetime
- properties:
- group:
- description: Group to map volume access to Default is no group
- type: string
- readOnly:
- description: ReadOnly here will force the Quobyte volume to
- be mounted with read-only permissions. Defaults to false.
- type: boolean
- registry:
- description: Registry represents a single or multiple Quobyte
- Registry services specified as a string as host:port pair
- (multiple entries are separated with commas) which acts
- as the central registry for volumes
- type: string
- tenant:
- description: Tenant owning the given Quobyte volume in the
- Backend Used with dynamically provisioned Quobyte volumes,
- value is set by the plugin
- type: string
- user:
- description: User to map volume access to Defaults to serivceaccount
- user
- type: string
- volume:
- description: Volume is a string that references an already
- created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'RBD represents a Rados Block Device mount on the
- host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- image:
- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'Keyring is the path to key ring for RBDUser.
- Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
+ description: If unspecified, each key-value pair
+ in the Data field of the referenced Secret will
+ be projected into the volume as a file whose
+ name is the key and content is the value. If
+ specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file
+ to map the key to. May not be an absolute
+ path. May not contain the path element
+ '..'. May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ required:
+ - sources
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is no
+ group
type: string
- type: array
- pool:
- description: 'The rados pool name. Default is rbd. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'SecretRef is name of the authentication secret
- for RBDUser. If provided overrides keyring. Default is nil.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- user:
- description: 'The rados user name. Default is admin. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: ScaleIO represents a ScaleIO persistent volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: The host address of the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: The name of the ScaleIO Protection Domain for
- the configured storage.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef references to the secret for ScaleIO
- user and other sensitive information. If this is not provided,
- Login operation will fail.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
type: string
- type: object
- sslEnabled:
- description: Flag to enable/disable SSL communication with
- Gateway, default false
- type: boolean
- storageMode:
- description: Indicates whether the storage for a volume should
- be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: The ScaleIO Storage Pool associated with the
- protection domain.
- type: string
- system:
- description: The name of the storage system as configured
- in ScaleIO.
- type: string
- volumeName:
- description: The name of a volume already created in the ScaleIO
- system that is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'Secret represents a secret that should populate
- this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value pair in the Data
- field of the referenced Secret will be projected into the
- volume as a file whose name is the key and content is the
- value. If specified, the listed keys will be projected into
- the specified paths, and unlisted keys will not be present.
- If a key is specified which is not present in the Secret,
- the volume setup will error unless it is marked optional.
- Paths must be relative and may not contain the '..' path
- or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
- key:
- description: The key to project.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the
- key to. May not be an absolute path. May not contain
- the path element '..'. May not start with the string
- '..'.
+ type: object
+ user:
+ description: 'The rados user name. Default is admin. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain for
+ the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- required:
- - key
- - path
type: object
- type: array
- optional:
- description: Specify whether the Secret or its keys must be
- defined
- type: boolean
- secretName:
- description: 'Name of the secret in the pod''s namespace to
- use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: StorageOS represents a StorageOS volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef specifies the secret to use for obtaining
- the StorageOS API credentials. If not specified, default
- values will be attempted.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- volumeName:
- description: VolumeName is the human-readable name of the
- StorageOS volume. Volume names are only unique within a
- namespace.
- type: string
- volumeNamespace:
- description: VolumeNamespace specifies the scope of the volume
- within StorageOS. If no namespace is specified then the
- Pod's namespace will be used. This allows the Kubernetes
- name scoping to be mirrored within StorageOS for tighter
- integration. Set VolumeName to any name to override the
- default behaviour. Set to "default" if you are not using
- namespaces within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: VsphereVolume represents a vSphere volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: Storage Policy Based Management (SPBM) profile
- ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: Storage Policy Based Management (SPBM) profile
- name.
- type: string
- volumePath:
- description: Path that identifies vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- walCompression:
- description: Enable compression of the write-ahead log using Snappy.
- This flag is only available in versions of Prometheus >= 2.11.0.
- type: boolean
- type: object
- status:
- description: 'Most recent observed status of the Prometheus cluster. Read-only.
- Not included when requesting from the apiserver, only from the Prometheus
- Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- availableReplicas:
- description: Total number of available pods (ready for at least minReadySeconds)
- targeted by this Prometheus deployment.
- format: int32
- type: integer
- paused:
- description: Represents whether any actions on the underlaying managed
- objects are being performed. Only delete actions will be performed.
- type: boolean
- replicas:
- description: Total number of non-terminated pods targeted by this Prometheus
- deployment (their labels match the selector).
- format: int32
- type: integer
- unavailableReplicas:
- description: Total number of unavailable pods targeted by this Prometheus
- deployment.
- format: int32
- type: integer
- updatedReplicas:
- description: Total number of non-terminated pods targeted by this Prometheus
- deployment that have the desired version spec.
- format: int32
- type: integer
- required:
- - availableReplicas
- - paused
- - replicas
- - unavailableReplicas
- - updatedReplicas
- type: object
- required:
- - spec
- type: object
- version: v1
- versions:
- - name: v1
+ sslEnabled:
+ description: Flag to enable/disable SSL communication with
+ Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with the
+ protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in the
+ ScaleIO system that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in the
+ Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map
+ the key to. May not be an absolute path. May not
+ contain the path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys must
+ be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM) profile
+ ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM) profile
+ name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ walCompression:
+ description: Enable compression of the write-ahead log using Snappy.
+ This flag is only available in versions of Prometheus >= 2.11.0.
+ type: boolean
+ type: object
+ status:
+ description: 'Most recent observed status of the Prometheus cluster. Read-only.
+ Not included when requesting from the apiserver, only from the Prometheus
+ Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ availableReplicas:
+ description: Total number of available pods (ready for at least minReadySeconds)
+ targeted by this Prometheus deployment.
+ format: int32
+ type: integer
+ paused:
+ description: Represents whether any actions on the underlaying managed
+ objects are being performed. Only delete actions will be performed.
+ type: boolean
+ replicas:
+ description: Total number of non-terminated pods targeted by this
+ Prometheus deployment (their labels match the selector).
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: Total number of unavailable pods targeted by this Prometheus
+ deployment.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated pods targeted by this
+ Prometheus deployment that have the desired version spec.
+ format: int32
+ type: integer
+ required:
+ - availableReplicas
+ - paused
+ - replicas
+ - unavailableReplicas
+ - updatedReplicas
+ type: object
+ required:
+ - spec
+ type: object
served: true
storage: true
+ subresources: {}
status:
acceptedNames:
kind: ""
diff --git a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml
index 2a903bb5fdf214562c7cab8024b71321f1784b50..6c8404f6d12032ad30caff8a9d12ba01dcb69c2d 100644
--- a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@@ -13,78 +13,77 @@ spec:
plural: prometheusrules
singular: prometheusrule
scope: Namespaced
- validation:
- openAPIV3Schema:
- description: PrometheusRule defines alerting rules for a Prometheus instance
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: Specification of desired alerting rule definitions for Prometheus.
- properties:
- groups:
- description: Content of Prometheus rule file
- items:
- description: 'RuleGroup is a list of sequentially evaluated recording
- and alerting rules. Note: PartialResponseStrategy is only used by
- ThanosRuler and will be ignored by Prometheus instances. Valid
- values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response'
- properties:
- interval:
- type: string
- name:
- type: string
- partial_response_strategy:
- type: string
- rules:
- items:
- description: Rule describes an alerting or recording rule.
- properties:
- alert:
- type: string
- annotations:
- additionalProperties:
- type: string
- type: object
- expr:
- anyOf:
- - type: integer
- - type: string
- x-kubernetes-int-or-string: true
- for:
- type: string
- labels:
- additionalProperties:
- type: string
- type: object
- record:
- type: string
- required:
- - expr
- type: object
- type: array
- required:
- - name
- - rules
- type: object
- type: array
- type: object
- required:
- - spec
- type: object
- version: v1
versions:
- name: v1
+ schema:
+ openAPIV3Schema:
+ description: PrometheusRule defines alerting rules for a Prometheus instance
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of desired alerting rule definitions for Prometheus.
+ properties:
+ groups:
+ description: Content of Prometheus rule file
+ items:
+ description: 'RuleGroup is a list of sequentially evaluated recording
+ and alerting rules. Note: PartialResponseStrategy is only used
+ by ThanosRuler and will be ignored by Prometheus instances. Valid
+ values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response'
+ properties:
+ interval:
+ type: string
+ name:
+ type: string
+ partial_response_strategy:
+ type: string
+ rules:
+ items:
+ description: Rule describes an alerting or recording rule.
+ properties:
+ alert:
+ type: string
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ expr:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ for:
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ record:
+ type: string
+ required:
+ - expr
+ type: object
+ type: array
+ required:
+ - name
+ - rules
+ type: object
+ type: array
+ type: object
+ required:
+ - spec
+ type: object
served: true
storage: true
status:
diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml
index bb98a234ce04f3fb41d3ee49213a6efa09865963..e9909dbfee715c8b46c42e295e4c96200867321e 100644
--- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@@ -13,446 +13,448 @@ spec:
plural: servicemonitors
singular: servicemonitor
scope: Namespaced
- validation:
- openAPIV3Schema:
- description: ServiceMonitor defines monitoring for a set of services.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: Specification of desired Service selection for target discovery
- by Prometheus.
- properties:
- endpoints:
- description: A list of endpoints allowed as part of this ServiceMonitor.
- items:
- description: Endpoint defines a scrapeable endpoint serving Prometheus
- metrics.
- properties:
- basicAuth:
- description: 'BasicAuth allow an endpoint to authenticate over
- basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
- properties:
- password:
- description: The secret in the service monitor namespace that
- contains the password for authentication.
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: ServiceMonitor defines monitoring for a set of services.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of desired Service selection for target discovery
+ by Prometheus.
+ properties:
+ endpoints:
+ description: A list of endpoints allowed as part of this ServiceMonitor.
+ items:
+ description: Endpoint defines a scrapeable endpoint serving Prometheus
+ metrics.
+ properties:
+ basicAuth:
+ description: 'BasicAuth allow an endpoint to authenticate over
+ basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
+ properties:
+ password:
+ description: The secret in the service monitor namespace
+ that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ username:
+ description: The secret in the service monitor namespace
+ that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ bearerTokenFile:
+ description: File to read bearer token for scraping targets.
+ type: string
+ bearerTokenSecret:
+ description: Secret to mount to read bearer token for scraping
+ targets. The secret needs to be in the same namespace as the
+ service monitor and accessible by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ honorLabels:
+ description: HonorLabels chooses the metric's labels on collisions
+ with target labels.
+ type: boolean
+ honorTimestamps:
+ description: HonorTimestamps controls whether Prometheus respects
+ the timestamps present in scraped data.
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped
+ type: string
+ metricRelabelings:
+ description: MetricRelabelConfigs to apply to samples before
+ ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
type: object
- username:
- description: The secret in the service monitor namespace that
- contains the username for authentication.
+ type: array
+ params:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Optional HTTP URL parameters
+ type: object
+ path:
+ description: HTTP path to scrape for metrics.
+ type: string
+ port:
+ description: Name of the service port this endpoint refers to.
+ Mutually exclusive with targetPort.
+ type: string
+ proxyUrl:
+ description: ProxyURL eg http://proxyserver:2195 Directs scrapes
+ to proxy through this endpoint.
+ type: string
+ relabelings:
+ description: 'RelabelConfigs to apply to samples before scraping.
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
type: object
- type: object
- bearerTokenFile:
- description: File to read bearer token for scraping targets.
- type: string
- bearerTokenSecret:
- description: Secret to mount to read bearer token for scraping
- targets. The secret needs to be in the same namespace as the
- service monitor and accessible by the Prometheus Operator.
- properties:
- key:
- description: The key of the secret to select from. Must be
- a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be
- defined
- type: boolean
- required:
- - key
- type: object
- honorLabels:
- description: HonorLabels chooses the metric's labels on collisions
- with target labels.
- type: boolean
- honorTimestamps:
- description: HonorTimestamps controls whether Prometheus respects
- the timestamps present in scraped data.
- type: boolean
- interval:
- description: Interval at which metrics should be scraped
- type: string
- metricRelabelings:
- description: MetricRelabelConfigs to apply to samples before ingestion.
- items:
- description: 'RelabelConfig allows dynamic rewriting of the
- label set, being applied to samples before ingestion. It defines
- `<metric_relabel_configs>`-section of Prometheus configuration.
- More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ type: array
+ scheme:
+ description: HTTP scheme to use for scraping.
+ type: string
+ scrapeTimeout:
+ description: Timeout after which the scrape is ended
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the pod port this endpoint refers
+ to. Mutually exclusive with port.
+ x-kubernetes-int-or-string: true
+ tlsConfig:
+ description: TLS configuration to use when scraping the endpoint
properties:
- action:
- description: Action to perform based on regex matching.
- Default is 'replace'
+ ca:
+ description: Stuct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
type: string
- modulus:
- description: Modulus to take of the hash of the source label
- values.
- format: int64
- type: integer
- regex:
- description: Regular expression against which the extracted
- value is matched. Default is '(.*)'
+ cert:
+ description: Struct containing the client cert file for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
type: string
- replacement:
- description: Replacement value against which a regex replace
- is performed if the regular expression matches. Regex
- capture groups are available. Default is '$1'
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
type: string
- separator:
- description: Separator placed between concatenated source
- label values. default is ';'.
- type: string
- sourceLabels:
- description: The source labels select values from existing
- labels. Their content is concatenated using the configured
- separator and matched against the configured regular expression
- for the replace, keep, and drop actions.
- items:
- type: string
- type: array
- targetLabel:
- description: Label to which the resulting value is written
- in a replace action. It is mandatory for replace actions.
- Regex capture groups are available.
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ serverName:
+ description: Used to verify the hostname for the targets.
type: string
type: object
+ type: object
+ type: array
+ jobLabel:
+ description: The label to use to retrieve the job name from.
+ type: string
+ namespaceSelector:
+ description: Selector to select which namespaces the Endpoints objects
+ are discovered from.
+ properties:
+ any:
+ description: Boolean describing whether all namespaces are selected
+ in contrast to a list restricting them.
+ type: boolean
+ matchNames:
+ description: List of namespace names.
+ items:
+ type: string
type: array
- params:
- additionalProperties:
- items:
- type: string
- type: array
- description: Optional HTTP URL parameters
- type: object
- path:
- description: HTTP path to scrape for metrics.
- type: string
- port:
- description: Name of the service port this endpoint refers to.
- Mutually exclusive with targetPort.
- type: string
- proxyUrl:
- description: ProxyURL eg http://proxyserver:2195 Directs scrapes
- to proxy through this endpoint.
- type: string
- relabelings:
- description: 'RelabelConfigs to apply to samples before scraping.
- More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
+ type: object
+ podTargetLabels:
+ description: PodTargetLabels transfers labels on the Kubernetes Pod
+ onto the target.
+ items:
+ type: string
+ type: array
+ sampleLimit:
+ description: SampleLimit defines per-scrape limit on number of scraped
+ samples that will be accepted.
+ format: int64
+ type: integer
+ selector:
+ description: Selector to select Endpoints objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
items:
- description: 'RelabelConfig allows dynamic rewriting of the
- label set, being applied to samples before ingestion. It defines
- `<metric_relabel_configs>`-section of Prometheus configuration.
- More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
properties:
- action:
- description: Action to perform based on regex matching.
- Default is 'replace'
- type: string
- modulus:
- description: Modulus to take of the hash of the source label
- values.
- format: int64
- type: integer
- regex:
- description: Regular expression against which the extracted
- value is matched. Default is '(.*)'
+ key:
+ description: key is the label key that the selector applies
+ to.
type: string
- replacement:
- description: Replacement value against which a regex replace
- is performed if the regular expression matches. Regex
- capture groups are available. Default is '$1'
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
type: string
- separator:
- description: Separator placed between concatenated source
- label values. default is ';'.
- type: string
- sourceLabels:
- description: The source labels select values from existing
- labels. Their content is concatenated using the configured
- separator and matched against the configured regular expression
- for the replace, keep, and drop actions.
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
- targetLabel:
- description: Label to which the resulting value is written
- in a replace action. It is mandatory for replace actions.
- Regex capture groups are available.
- type: string
+ required:
+ - key
+ - operator
type: object
type: array
- scheme:
- description: HTTP scheme to use for scraping.
- type: string
- scrapeTimeout:
- description: Timeout after which the scrape is ended
- type: string
- targetPort:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the pod port this endpoint refers
- to. Mutually exclusive with port.
- x-kubernetes-int-or-string: true
- tlsConfig:
- description: TLS configuration to use when scraping the endpoint
- properties:
- ca:
- description: Stuct containing the CA cert to use for the targets.
- properties:
- configMap:
- description: ConfigMap containing data to use for the
- targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- caFile:
- description: Path to the CA cert in the Prometheus container
- to use for the targets.
- type: string
- cert:
- description: Struct containing the client cert file for the
- targets.
- properties:
- configMap:
- description: ConfigMap containing data to use for the
- targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- certFile:
- description: Path to the client cert file in the Prometheus
- container for the targets.
- type: string
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keyFile:
- description: Path to the client key file in the Prometheus
- container for the targets.
- type: string
- keySecret:
- description: Secret containing the client key file for the
- targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
type: object
type: object
- type: array
- jobLabel:
- description: The label to use to retrieve the job name from.
- type: string
- namespaceSelector:
- description: Selector to select which namespaces the Endpoints objects
- are discovered from.
- properties:
- any:
- description: Boolean describing whether all namespaces are selected
- in contrast to a list restricting them.
- type: boolean
- matchNames:
- description: List of namespace names.
- items:
- type: string
- type: array
- type: object
- podTargetLabels:
- description: PodTargetLabels transfers labels on the Kubernetes Pod
- onto the target.
- items:
- type: string
- type: array
- sampleLimit:
- description: SampleLimit defines per-scrape limit on number of scraped
- samples that will be accepted.
- format: int64
- type: integer
- selector:
- description: Selector to select Endpoints objects.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- targetLabels:
- description: TargetLabels transfers labels on the Kubernetes Service
- onto the target.
- items:
- type: string
- type: array
- required:
- - endpoints
- - selector
- type: object
- required:
- - spec
- type: object
- version: v1
- versions:
- - name: v1
+ targetLabels:
+ description: TargetLabels transfers labels on the Kubernetes Service
+ onto the target.
+ items:
+ type: string
+ type: array
+ required:
+ - endpoints
+ - selector
+ type: object
+ required:
+ - spec
+ type: object
served: true
storage: true
status:
diff --git a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml
index 5d630512a886e474ef5293e74f70cfb7f188f2d9..3396c98885617a43fd3477dd1f1c67c4d537a32b 100644
--- a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@@ -13,4712 +13,4821 @@ spec:
plural: thanosrulers
singular: thanosruler
scope: Namespaced
- validation:
- openAPIV3Schema:
- description: ThanosRuler defines a ThanosRuler deployment.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: 'Specification of the desired behavior of the ThanosRuler cluster.
- More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- affinity:
- description: If specified, the pod's scheduling constraints.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the affinity expressions specified by this field,
- but it may choose a node that violates one or more of the
- expressions. The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node that meets
- all of the scheduling requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating through
- the elements of this field and adding "weight" to the sum
- if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term matches all
- objects with implicit weight 0 (i.e. it's a no-op). A null
- preferred scheduling term matches no objects (i.e. is also
- a no-op).
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: ThanosRuler defines a ThanosRuler deployment.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the ThanosRuler
+ cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
properties:
- preference:
- description: A node selector term, associated with the
- corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
- items:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
- items:
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- weight:
- description: Weight associated with matching the corresponding
- nodeSelectorTerm, in the range 1-100.
- format: int32
- type: integer
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
required:
- - preference
- - weight
+ - nodeSelectorTerms
type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by this
- field are not met at scheduling time, the pod will not be
- scheduled onto the node. If the affinity requirements specified
- by this field cease to be met at some point during pod execution
- (e.g. due to an update), the system may or may not try to
- eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector terms. The
- terms are ORed.
- items:
- description: A null or empty node selector term matches
- no objects. The requirements of them are ANDed. The
- TopologySelectorTerm type implements a subset of the
- NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
items:
- type: string
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
type: array
- required:
- - key
- - operator
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
+ namespaces:
+ description: namespaces specifies which namespaces
+ the labelSelector applies to (matches against);
+ null or empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies which namespaces the
+ labelSelector applies to (matches against); null or
+ empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: An array of string values. If the
- operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be
- empty. If the operator is Gt or Lt, the values
- array must have a single element, which will
- be interpreted as an integer. This array is
- replaced during a strategic merge patch.
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
items:
- type: string
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
type: array
- required:
- - key
- - operator
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
type: object
- type: array
- type: object
- type: array
- required:
- - nodeSelectorTerms
- type: object
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules (e.g. co-locate
- this pod in the same node, zone, etc. as some other pod(s)).
+ namespaces:
+ description: namespaces specifies which namespaces
+ the labelSelector applies to (matches against);
+ null or empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies which namespaces the
+ labelSelector applies to (matches against); null or
+ empty list means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ alertDropLabels:
+ description: AlertDropLabels configure the label names which should
+ be dropped in ThanosRuler alerts. If `labels` field is not provided,
+ `thanos_ruler_replica` will be dropped in alerts by default.
+ items:
+ type: string
+ type: array
+ alertQueryUrl:
+ description: The external Query URL the Thanos Ruler will set in the
+ 'Source' field of all alerts. Maps to the '--alert.query-url' CLI
+ arg.
+ type: string
+ alertmanagersConfig:
+ description: Define configuration for connecting to alertmanager. Only
+ available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config`
+ arg.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ alertmanagersUrl:
+ description: 'Define URLs to send alerts to Alertmanager. For Thanos
+ v0.10.0 and higher, AlertManagersConfig should be used instead. Note:
+ this field will be ignored if AlertManagersConfig is specified.
+ Maps to the `alertmanagers.url` arg.'
+ items:
+ type: string
+ type: array
+ containers:
+ description: 'Containers allows injecting additional containers or
+ modifying operator generated containers. This can be used to allow
+ adding an authentication proxy to a ThanosRuler pod or to change
+ the behavior of an operator generated container. Containers described
+ here modify an operator generated container if they share the same
+ name and modifications are done via a strategic merge patch. The
+ current container names are: `thanos-ruler` and `rules-configmap-reloader`.
+ Overriding containers is entirely outside the scope of what the
+ maintainers will support and by doing so, you accept that this behaviour
+ may break at any time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the affinity expressions specified by this field,
- but it may choose a node that violates one or more of the
- expressions. The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node that meets
- all of the scheduling requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating through
- the elements of this field and adding "weight" to the sum
- if the node has pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most preferred.
+ args:
+ description: 'Arguments to the entrypoint. The docker image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The docker image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred node(s)
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previous defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement is
- a selector that contains values, a key, and
- an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If
- the operator is Exists or DoesNotExist,
- the values array must be empty. This array
- is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value".
- The requirements are ANDed.
- type: object
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
type: object
- namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey matches
- that of any node on which any of the selected pods
- is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the corresponding
- podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by this
- field are not met at scheduling time, the pod will not be
- scheduled onto the node. If the affinity requirements specified
- by this field cease to be met at some point during pod execution
- (e.g. due to a pod label update), the system may or may not
- try to eventually evict the pod from its node. When there
- are multiple elements, the lists of nodes corresponding to
- each podAffinityTerm are intersected, i.e. all terms must
- be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s)) that
- this pod should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is defined as running
- on a node whose value of the label with key <topologyKey>
- matches that of any node on which a pod of the set of pods
- is running
- properties:
- labelSelector:
- description: A label query over a set of resources, in
- this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values
- array must be non-empty. If the operator is
- Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, metadata.labels,
+ metadata.annotations, spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
type: object
- type: object
- namespaces:
- description: namespaces specifies which namespaces the
- labelSelector applies to (matches against); null or
- empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where
- co-located is defined as running on a node whose value
- of the label with key topologyKey matches that of any
- node on which any of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling rules (e.g.
- avoid putting this pod in the same node, zone, etc. as some other
- pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to nodes
- that satisfy the anti-affinity expressions specified by this
- field, but it may choose a node that violates one or more
- of the expressions. The node that is most preferred is the
- one with the greatest sum of weights, i.e. for each node that
- meets all of the scheduling requirements (resource request,
- requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field
- and adding "weight" to the sum if the node has pods which
- matches the corresponding podAffinityTerm; the node(s) with
- the highest sum are the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement is
- a selector that contains values, a key, and
- an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If
- the operator is Exists or DoesNotExist,
- the values array must be empty. This array
- is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value".
- The requirements are ANDed.
- type: object
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
type: object
- namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey matches
- that of any node on which any of the selected pods
- is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
type: object
- weight:
- description: weight associated with matching the corresponding
- podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
required:
- - podAffinityTerm
- - weight
+ - name
type: object
type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified by
- this field are not met at scheduling time, the pod will not
- be scheduled onto the node. If the anti-affinity requirements
- specified by this field cease to be met at some point during
- pod execution (e.g. due to a pod label update), the system
- may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e. all terms must
- be satisfied.
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s)) that
- this pod should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is defined as running
- on a node whose value of the label with key <topologyKey>
- matches that of any node on which a pod of the set of pods
- is running
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
properties:
- labelSelector:
- description: A label query over a set of resources, in
- this case pods.
+ configMapRef:
+ description: The ConfigMap to select from
properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values
- array must be non-empty. If the operator is
- Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
- type: object
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
type: object
- namespaces:
- description: namespaces specifies which namespaces the
- labelSelector applies to (matches against); null or
- empty list means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where
- co-located is defined as running on a node whose value
- of the label with key topologyKey matches that of any
- node on which any of the selected pods is running. Empty
- topologyKey is not allowed.
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
- required:
- - topologyKey
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
type: object
type: array
- type: object
- type: object
- alertDropLabels:
- description: AlertDropLabels configure the label names which should
- be dropped in ThanosRuler alerts. If `labels` field is not provided,
- `thanos_ruler_replica` will be dropped in alerts by default.
- items:
- type: string
- type: array
- alertQueryUrl:
- description: The external Query URL the Thanos Ruler will set in the
- 'Source' field of all alerts. Maps to the '--alert.query-url' CLI
- arg.
- type: string
- alertmanagersConfig:
- description: Define configuration for connecting to alertmanager. Only
- available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config`
- arg.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- alertmanagersUrl:
- description: 'Define URLs to send alerts to Alertmanager. For Thanos
- v0.10.0 and higher, AlertManagersConfig should be used instead. Note:
- this field will be ignored if AlertManagersConfig is specified. Maps
- to the `alertmanagers.url` arg.'
- items:
- type: string
- type: array
- containers:
- description: 'Containers allows injecting additional containers or modifying
- operator generated containers. This can be used to allow adding an
- authentication proxy to a ThanosRuler pod or to change the behavior
- of an operator generated container. Containers described here modify
- an operator generated container if they share the same name and modifications
- are done via a strategic merge patch. The current container names
- are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers
- is entirely outside the scope of what the maintainers will support
- and by doing so, you accept that this behaviour may break at any time
- without notice.'
- items:
- description: A single application container that you want to run within
- a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker image''s
- CMD is used if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment. If a variable
- cannot be resolved, the reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can be escaped with a double
- $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot be
- updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ image:
+ description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell. The
- docker image''s ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
- type: array
- env:
- description: List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
properties:
- name:
- description: Name of the environment variable. Must be a
- C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in the
- container and any service environment variables. If a
- variable cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax can be
- escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- key:
- description: The key to select.
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
required:
- - key
+ - port
type: object
- fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, metadata.labels, metadata.annotations,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs.'
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - fieldPath
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The reason for termination is passed
+ to the handler. The Pod''s termination grace period countdown
+ begins before the PreStop hooked is executed. Regardless
+ of the outcome of the handler, the container will eventually
+ terminate within the Pod''s termination grace period.
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
type: object
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- resource:
- description: 'Required: resource to select'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
required:
- - resource
+ - port
type: object
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - key
+ - port
type: object
type: object
- required:
- - name
type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must be a
- C_IDENTIFIER. All invalid keys will be reported as an event
- when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a set of
- ConfigMaps
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- configMapRef:
- description: The ConfigMap to select from
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- optional:
- description: Specify whether the ConfigMap must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
type: object
- prefix:
- description: An optional identifier to prepend to each key
- in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- optional:
- description: Specify whether the Secret must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system should take in
- response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately after a container
- is created. If the handler fails, the container is terminated
- and restarted according to its restart policy. Other management
- of the container blocks until the hook completes. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately before a container
- is terminated due to an API request or management event
- such as liveness/startup probe failure, preemption, resource
- contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed to
- the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period. Other
- management of the container blocks until the hook completes
- or until the termination grace period is reached. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated. More
- info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Exposing
+ a port here gives the system additional information about
+ the network connections a container uses, but is primarily
+ informational. Not specifying a port here DOES NOT prevent
+ that port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container will be
+ accessible from the network. Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ protocol:
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
+ - containerPort
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL. Each
- container in a pod must have a unique name (DNS_LABEL). Cannot
- be updated.
- type: string
- ports:
- description: List of ports to expose from the container. Exposing
- a port here gives the system additional information about the
- network connections a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from the network.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in a single
- container.
+ type: array
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- containerPort:
- description: Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
format: int32
type: integer
- hostIP:
- description: What host IP to bind the external port to.
- type: string
- hostPort:
- description: Number of port to expose on the host. If specified,
- this must be a valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort. Most containers
- do not need this.
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a pod must
- have a unique name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ properties:
+ limits:
+ additionalProperties:
+ type: string
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ securityContext:
+ description: 'Security options the pod should run with. More
+ info: https://kubernetes.io/docs/concepts/policy/security-context/
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled.
type: string
- required:
- - containerPort
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
type: object
- type: array
- readinessProbe:
- description: 'Periodic probe of container service readiness. Container
- will be removed from service endpoints if the probe fails. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. This is a beta feature enabled by
+ the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
type: string
required:
- - port
+ - devicePath
+ - name
type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this container. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
- type: string
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ - mountPath
+ - name
type: object
- type: object
- securityContext:
- description: 'Security options the pod should run with. More info:
- https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ enforcedNamespaceLabel:
+ description: EnforcedNamespaceLabel enforces adding a namespace label
+ of origin for each alert and metric that is user created. The label
+ value will always be the namespace of the object that is being created.
+ type: string
+ evaluationInterval:
+ description: Interval between consecutive evaluations.
+ type: string
+ externalPrefix:
+ description: The external URL the Thanos Ruler instances will be available
+ under. This is necessary to generate correct URLs. This is necessary
+ if Thanos Ruler is not served from root of a DNS name.
+ type: string
+ grpcServerTlsConfig:
+ description: 'GRPCServerTLSConfig configures the gRPC server from
+ which Thanos Querier reads recorded rule data. Note: Currently only
+ the CAFile, CertFile, and KeyFile fields are supported. Maps to
+ the ''--grpc-server-tls-*'' CLI args.'
+ properties:
+ ca:
+ description: Stuct containing the CA cert to use for the targets.
properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a
- process can gain more privileges than its parent process.
- This bool directly controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes in
- privileged containers are essentially equivalent to root
- on the host. Defaults to false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount to use
- for the containers. The default is DefaultProcMount which
- uses the container runtime defaults for readonly paths and
- masked paths. This requires the ProcMountType feature flag
- to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem.
- Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be set
- in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset or false, no
- such validation will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata if
- unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random
- SELinux context for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ configMap:
+ description: ConfigMap containing data to use for the targets.
properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
+ key:
+ description: The key to select.
type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
type: object
- windowsOptions:
- description: The Windows specific settings applied to all
- containers. If unspecified, the options from the PodSecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ secret:
+ description: Secret containing data to use for the targets.
properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named
- by the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the
- GMSA credential spec to use. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence. This field is beta-level and may be
- disabled with the WindowsRunAsUserName feature flag.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
type: object
type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed until
- this completes successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed. This can
- be used to provide different probe parameters at the beginning
- of a Pod''s lifecycle, when it might take a long time to load
- data or warm a cache, than during steady-state operation. This
- cannot be updated. This is an alpha feature enabled by the StartupProbe
- feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ caFile:
+ description: Path to the CA cert in the Prometheus container to
+ use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for the targets.
properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
+ configMap:
+ description: ConfigMap containing data to use for the targets.
properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
+ key:
+ description: The key to select.
type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
required:
- - port
+ - key
type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
+ secret:
+ description: Secret containing data to use for the targets.
properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
required:
- - port
+ - key
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
type: object
- stdin:
- description: Whether this container should allocate a buffer for
- stdin in the container runtime. If this is not set, reads from
- stdin in the container will always result in EOF. Default is
- false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close the stdin
- channel after it has been opened by a single attach. When stdin
- is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container
- start, is empty until the first client attaches to stdin, and
- then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container processes that
- reads from stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s
- termination message will be written is mounted into the container''s
- filesystem. Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated by the
- node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should be populated.
- File will use the contents of terminationMessagePath to populate
- the container status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
+ certFile:
+ description: Path to the client cert file in the Prometheus container
+ for the targets.
type: string
- tty:
- description: Whether this container should allocate a TTY for
- itself, also requires 'stdin' to be true. Default is false.
+ insecureSkipVerify:
+ description: Disable target certificate validation.
type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices to be
- used by the container. This is a beta feature.
- items:
- description: volumeDevice describes a mapping of a raw block
- device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the container
- that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume within
- a container.
- properties:
- mountPath:
- description: Path within the container at which the volume
- should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts are
- propagated from the host to container and the other way
- around. When not set, MountPropagationNone is used. This
- field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise
- (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which
- the container's volume should be mounted. Behaves similarly
- to SubPath but environment variable references $(VAR_NAME)
- are expanded using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and SubPath are mutually
- exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might be
- configured in the container image. Cannot be updated.
+ keyFile:
+ description: Path to the client key file in the Prometheus container
+ for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ serverName:
+ description: Used to verify the hostname for the targets.
type: string
- required:
- - name
type: object
- type: array
- enforcedNamespaceLabel:
- description: EnforcedNamespaceLabel enforces adding a namespace label
- of origin for each alert and metric that is user created. The label
- value will always be the namespace of the object that is being created.
- type: string
- evaluationInterval:
- description: Interval between consecutive evaluations.
- type: string
- externalPrefix:
- description: The external URL the Thanos Ruler instances will be available
- under. This is necessary to generate correct URLs. This is necessary
- if Thanos Ruler is not served from root of a DNS name.
- type: string
- grpcServerTlsConfig:
- description: 'GRPCServerTLSConfig configures the gRPC server from which
- Thanos Querier reads recorded rule data. Note: Currently only the
- CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*''
- CLI args.'
- properties:
- ca:
- description: Stuct containing the CA cert to use for the targets.
- properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- caFile:
- description: Path to the CA cert in the Prometheus container to
- use for the targets.
- type: string
- cert:
- description: Struct containing the client cert file for the targets.
- properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- certFile:
- description: Path to the client cert file in the Prometheus container
- for the targets.
- type: string
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keyFile:
- description: Path to the client key file in the Prometheus container
- for the targets.
- type: string
- keySecret:
- description: Secret containing the client key file for the targets.
+ image:
+ description: Thanos container image URL.
+ type: string
+ imagePullSecrets:
+ description: An optional list of references to secrets in the same
+ namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
properties:
- key:
- description: The key of the secret to select from. Must be
- a valid secret key.
- type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
type: object
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
- type: object
- image:
- description: Thanos container image URL.
- type: string
- imagePullSecrets:
- description: An optional list of references to secrets in the same namespace
- to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
- items:
- description: LocalObjectReference contains enough information to let
- you locate the referenced object inside the same namespace.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- type: array
- initContainers:
- description: 'InitContainers allows adding initContainers to the pod
- definition. Those can be used to e.g. fetch secrets for injection
- into the ThanosRuler configuration from external sources. Any errors
- during the execution of an initContainer will lead to a restart of
- the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- Using initContainers for any use case other then secret fetching is
- entirely outside the scope of what the maintainers will support and
- by doing so, you accept that this behaviour may break at any time
- without notice.'
- items:
- description: A single application container that you want to run within
- a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker image''s
- CMD is used if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment. If a variable
- cannot be resolved, the reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can be escaped with a double
- $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot be
- updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ type: array
+ initContainers:
+ description: 'InitContainers allows adding initContainers to the pod
+ definition. Those can be used to e.g. fetch secrets for injection
+ into the ThanosRuler configuration from external sources. Any errors
+ during the execution of an initContainer will lead to a restart
+ of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ Using initContainers for any use case other then secret fetching
+ is entirely outside the scope of what the maintainers will support
+ and by doing so, you accept that this behaviour may break at any
+ time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The docker image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The docker image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previous defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, metadata.labels,
+ metadata.annotations, spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell. The
- docker image''s ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
- type: array
- env:
- description: List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
properties:
- name:
- description: Name of the environment variable. Must be a
- C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in the
- container and any service environment variables. If a
- variable cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax can be
- escaped with a double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- key:
- description: The key to select.
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
required:
- - key
+ - port
type: object
- fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, metadata.labels, metadata.annotations,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs.'
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - fieldPath
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The reason for termination is passed
+ to the handler. The Pod''s termination grace period countdown
+ begins before the PreStop hooked is executed. Regardless
+ of the outcome of the handler, the container will eventually
+ terminate within the Pod''s termination grace period.
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: One and only one of the following should
+ be specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
type: object
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- resource:
- description: 'Required: resource to select'
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
type: string
required:
- - resource
+ - port
type: object
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving
+ a TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
required:
- - key
+ - port
type: object
type: object
- required:
- - name
type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must be a
- C_IDENTIFIER. All invalid keys will be reported as an event
- when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a set of
- ConfigMaps
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- configMapRef:
- description: The ConfigMap to select from
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap must be defined
- type: boolean
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
type: object
- prefix:
- description: An optional identifier to prepend to each key
- in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
type: string
- optional:
- description: Specify whether the Secret must be defined
- type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system should take in
- response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately after a container
- is created. If the handler fails, the container is terminated
- and restarted according to its restart policy. Other management
- of the container blocks until the hook completes. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately before a container
- is terminated due to an API request or management event
- such as liveness/startup probe failure, preemption, resource
- contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed to
- the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period. Other
- management of the container blocks until the hook completes
- or until the termination grace period is reached. More info:
- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated. More
- info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Exposing
+ a port here gives the system additional information about
+ the network connections a container uses, but is primarily
+ informational. Not specifying a port here DOES NOT prevent
+ that port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container will be
+ accessible from the network. Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ protocol:
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
required:
- - port
+ - containerPort
type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL. Each
- container in a pod must have a unique name (DNS_LABEL). Cannot
- be updated.
- type: string
- ports:
- description: List of ports to expose from the container. Exposing
- a port here gives the system additional information about the
- network connections a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from the network.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in a single
- container.
+ type: array
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
- containerPort:
- description: Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
format: int32
type: integer
- hostIP:
- description: What host IP to bind the external port to.
- type: string
- hostPort:
- description: Number of port to expose on the host. If specified,
- this must be a valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort. Most containers
- do not need this.
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a pod must
- have a unique name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- description: Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- readinessProbe:
- description: 'Periodic probe of container service readiness. Container
- will be removed from service endpoints if the probe fails. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ properties:
+ limits:
+ additionalProperties:
type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this container. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ securityContext:
+ description: 'Security options the pod should run with. More
+ info: https://kubernetes.io/docs/concepts/policy/security-context/
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled.
type: string
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run with. More info:
- https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls whether a
- process can gain more privileges than its parent process.
- This bool directly controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes in
- privileged containers are essentially equivalent to root
- on the host. Defaults to false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount to use
- for the containers. The default is DefaultProcMount which
- uses the container runtime defaults for readonly paths and
- masked paths. This requires the ProcMountType feature flag
- to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only root filesystem.
- Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be set
- in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset or false, no
- such validation will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata if
- unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random
- SELinux context for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. This is a beta feature enabled by
+ the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: One and only one of the following should be
+ specified. Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: 'TCPSocket specifies an action involving a
+ TCP port. TCP hooks not yet supported TODO: implement
+ a realistic TCP lifecycle hook'
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
type: string
+ required:
+ - devicePath
+ - name
type: object
- windowsOptions:
- description: The Windows specific settings applied to all
- containers. If unspecified, the options from the PodSecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named
- by the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the
- GMSA credential spec to use. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence. This field is beta-level and may be
- disabled with the WindowsRunAsUserName feature flag.
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
type: string
+ required:
+ - mountPath
+ - name
type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed until
- this completes successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed. This can
- be used to provide different probe parameters at the beginning
- of a Pod''s lifecycle, when it might take a long time to load
- data or warm a cache, than during steady-state operation. This
- cannot be updated. This is an alpha feature enabled by the StartupProbe
- feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following should be specified.
- Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute inside
- the container, the working directory for the command is
- root ('/') in the container's filesystem. The command
- is simply exec'd, it is not run inside a shell, so traditional
- shell instructions ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that shell. Exit
- status of 0 is treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe to
- be considered failed after having succeeded. Defaults to
- 3. Minimum value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to the
- pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request. HTTP
- allows repeated headers.
- items:
- description: HTTPHeader describes a custom header to
- be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container has started
- before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe to
- be considered successful after having failed. Defaults to
- 1. Must be 1 for liveness and startup. Minimum value is
- 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action involving a TCP
- port. TCP hooks not yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect to, defaults
- to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access on the
- container. Number must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- timeoutSeconds:
- description: 'Number of seconds after which the probe times
- out. Defaults to 1 second. Minimum value is 1. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer for
- stdin in the container runtime. If this is not set, reads from
- stdin in the container will always result in EOF. Default is
- false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close the stdin
- channel after it has been opened by a single attach. When stdin
- is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container
- start, is empty until the first client attaches to stdin, and
- then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container processes that
- reads from stdin will never receive an EOF. Default is false
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels configure the external label pairs to ThanosRuler.
+ If not provided, default replica label `thanos_ruler_replica` will
+ be added as a label and be dropped in alerts.
+ type: object
+ listenLocal:
+ description: ListenLocal makes the Thanos ruler listen on loopback,
+ so that it does not bind against the Pod IP.
+ type: boolean
+ logFormat:
+ description: Log format for ThanosRuler to be configured with.
+ type: string
+ logLevel:
+ description: Log level for ThanosRuler to be configured with.
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: Define which Nodes the Pods are scheduled on.
+ type: object
+ objectStorageConfig:
+ description: ObjectStorageConfig configures object storage in Thanos.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to which the container''s
- termination message will be written is mounted into the container''s
- filesystem. Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated by the
- node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
+ required:
+ - key
+ type: object
+ paused:
+ description: When a ThanosRuler deployment is paused, no actions except
+ for deletion will be performed on the underlying objects.
+ type: boolean
+ podMetadata:
+ description: PodMetadata contains Labels and Annotations gets propagated
+ to the thanos ruler pods.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map stored
+ with a resource that may be set by external tools to store and
+ retrieve arbitrary metadata. They are not queryable and should
+ be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used to
+ organize and categorize (scope and select) objects. May match
+ selectors of replication controllers and services. More info:
+ http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow a
+ client to request the generation of an appropriate name automatically.
+ Name is primarily intended for creation idempotence and configuration
+ definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should be populated.
- File will use the contents of terminationMessagePath to populate
- the container status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
+ type: object
+ portName:
+ description: Port name used for the pods and governing service. This
+ defaults to web
+ type: string
+ priorityClassName:
+ description: Priority class assigned to the Pods
+ type: string
+ queryConfig:
+ description: Define configuration for connecting to thanos query instances.
+ If this is defined, the QueryEndpoints field will be ignored. Maps
+ to the `query.config` CLI argument. Only available with thanos v0.11.0
+ and higher.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- tty:
- description: Whether this container should allocate a TTY for
- itself, also requires 'stdin' to be true. Default is false.
+ optional:
+ description: Specify whether the Secret or its key must be defined
type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices to be
- used by the container. This is a beta feature.
+ required:
+ - key
+ type: object
+ queryEndpoints:
+ description: QueryEndpoints defines Thanos querier endpoints from
+ which to query metrics. Maps to the --query flag of thanos ruler.
+ items:
+ type: string
+ type: array
+ replicas:
+ description: Number of thanos ruler instances to deploy.
+ format: int32
+ type: integer
+ resources:
+ description: Resources defines the resource requirements for single
+ Pods. If not provided, no requests/limits will be set
+ properties:
+ limits:
+ additionalProperties:
+ type: string
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ retention:
+ description: Time duration ThanosRuler shall retain data for. Default
+ is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)`
+ (milliseconds seconds minutes hours days weeks years).
+ type: string
+ routePrefix:
+ description: The route prefix ThanosRuler registers HTTP handlers
+ for. This allows thanos UI to be served on a sub-path.
+ type: string
+ ruleNamespaceSelector:
+ description: Namespaces to be selected for Rules discovery. If unspecified,
+ only the same namespace as the ThanosRuler object is in is used.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
items:
- description: volumeDevice describes a mapping of a raw block
- device within a container.
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
properties:
- devicePath:
- description: devicePath is the path inside of the container
- that the device will be mapped to.
+ key:
+ description: key is the label key that the selector applies
+ to.
type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
required:
- - devicePath
- - name
+ - key
+ - operator
type: object
type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ ruleSelector:
+ description: A label selector to select which PrometheusRules to mount
+ for alerting and recording.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
items:
- description: VolumeMount describes a mounting of a Volume within
- a container.
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
properties:
- mountPath:
- description: Path within the container at which the volume
- should be mounted. Must not contain ':'.
+ key:
+ description: key is the label key that the selector applies
+ to.
type: string
- mountPropagation:
- description: mountPropagation determines how mounts are
- propagated from the host to container and the other way
- around. When not set, MountPropagationNone is used. This
- field is beta in 1.10.
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings. This defaults to the default PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified defaults to "Always".'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID. If
+ unspecified, no groups will be added to any container.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
name:
- description: This must match the Name of a Volume.
+ description: Name of a property to set
type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise
- (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which
- the container's volume should be mounted. Behaves similarly
- to SubPath but environment variable references $(VAR_NAME)
- are expanded using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and SubPath are mutually
- exclusive.
+ value:
+ description: Value of a property to set
type: string
required:
- - mountPath
- name
+ - value
type: object
type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might be
- configured in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- labels:
- additionalProperties:
- type: string
- description: Labels configure the external label pairs to ThanosRuler.
- If not provided, default replica label `thanos_ruler_replica` will
- be added as a label and be dropped in alerts.
- type: object
- listenLocal:
- description: ListenLocal makes the Thanos ruler listen on loopback,
- so that it does not bind against the Pod IP.
- type: boolean
- logFormat:
- description: Log format for ThanosRuler to be configured with.
- type: string
- logLevel:
- description: Log level for ThanosRuler to be configured with.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: Define which Nodes the Pods are scheduled on.
- type: object
- objectStorageConfig:
- description: ObjectStorageConfig configures object storage in Thanos.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- paused:
- description: When a ThanosRuler deployment is paused, no actions except
- for deletion will be performed on the underlying objects.
- type: boolean
- podMetadata:
- description: PodMetadata contains Labels and Annotations gets propagated
- to the thanos ruler pods.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: 'Annotations is an unstructured key value map stored
- with a resource that may be set by external tools to store and
- retrieve arbitrary metadata. They are not queryable and should
- be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
- type: object
- labels:
- additionalProperties:
- type: string
- description: 'Map of string keys and values that can be used to
- organize and categorize (scope and select) objects. May match
- selectors of replication controllers and services. More info:
- http://kubernetes.io/docs/user-guide/labels'
- type: object
- type: object
- portName:
- description: Port name used for the pods and governing service. This
- defaults to web
- type: string
- priorityClassName:
- description: Priority class assigned to the Pods
- type: string
- queryConfig:
- description: Define configuration for connecting to thanos query instances.
- If this is defined, the QueryEndpoints field will be ignored. Maps
- to the `query.config` CLI argument. Only available with thanos v0.11.0
- and higher.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- queryEndpoints:
- description: QueryEndpoints defines Thanos querier endpoints from which
- to query metrics. Maps to the --query flag of thanos ruler.
- items:
- type: string
- type: array
- replicas:
- description: Number of thanos ruler instances to deploy.
- format: int32
- type: integer
- resources:
- description: Resources defines the resource requirements for single
- Pods. If not provided, no requests/limits will be set
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
- type: string
- description: 'Requests describes the minimum amount of compute resources
- required. If Requests is omitted for a container, it defaults
- to Limits if that is explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- retention:
- description: Time duration ThanosRuler shall retain data for. Default
- is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)`
- (milliseconds seconds minutes hours days weeks years).
- type: string
- routePrefix:
- description: The route prefix ThanosRuler registers HTTP handlers for.
- This allows thanos UI to be served on a sub-path.
- type: string
- ruleNamespaceSelector:
- description: Namespaces to be selected for Rules discovery. If unspecified,
- only the same namespace as the ThanosRuler object is in is used.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
properties:
- key:
- description: key is the label key that the selector applies
- to.
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- ruleSelector:
- description: A label selector to select which PrometheusRules to mount
- for alerting and recording.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that contains
- values, a key, and an operator that relates the key and values.
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to use to run the Thanos Ruler Pods.
+ type: string
+ storage:
+ description: Storage spec to specify how storage shall be used.
+ properties:
+ disableMountSubPath:
+ description: 'Deprecated: subPath usage will be disabled by default
+ in a future release, this option will become unnecessary. DisableMountSubPath
+ allows to remove any subPath usage in volume mounts.'
+ type: boolean
+ emptyDir:
+ description: 'EmptyDirVolumeSource to be used by the Prometheus
+ StatefulSets. If specified, used in place of any volumeClaimTemplate.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
properties:
- key:
- description: key is the label key that the selector applies
- to.
+ medium:
+ description: 'What type of storage medium should back this
+ directory. The default is "" which means to use the node''s
+ default medium. Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
- operator:
- description: operator represents a key's relationship to a
- set of values. Valid operators are In, NotIn, Exists and
- DoesNotExist.
+ sizeLimit:
+ description: 'Total amount of local storage required for this
+ EmptyDir volume. The size limit is also applicable for memory
+ medium. The maximum usage on memory medium EmptyDir would
+ be the minimum value between the SizeLimit specified here
+ and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
type: string
- values:
- description: values is an array of string values. If the operator
- is In or NotIn, the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the values array must
- be empty. This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator is
- "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- securityContext:
- description: SecurityContext holds pod-level security attributes and
- common container settings. This defaults to the default PodSecurityContext.
- properties:
- fsGroup:
- description: "A special supplemental group that applies to all containers
- in a pod. Some volume types allow the Kubelet to change the ownership
- of that volume to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files created in
- the volume will be owned by FSGroup) 3. The permission bits are
- OR'd with rw-rw---- \n If unset, the Kubelet will not modify the
- ownership and permissions of any volume."
- format: int64
- type: integer
- runAsGroup:
- description: The GID to run the entrypoint of the container process.
- Uses runtime default if unset. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for that container.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail to start
- the container if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If set
- in both SecurityContext and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container process.
- Defaults to user specified in image metadata if unspecified. May
- also be set in SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to all containers.
- If unspecified, the container runtime will allocate a random SELinux
- context for each container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for that container.
- properties:
- level:
- description: Level is SELinux level label that applies to the
- container.
- type: string
- role:
- description: Role is a SELinux role label that applies to the
- container.
- type: string
- type:
- description: Type is a SELinux type label that applies to the
- container.
- type: string
- user:
- description: User is a SELinux user label that applies to the
- container.
- type: string
- type: object
- supplementalGroups:
- description: A list of groups applied to the first process run in
- each container, in addition to the container's primary GID. If
- unspecified, no groups will be added to any container.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls used for
- the pod. Pods with unsupported sysctls (by the container runtime)
- might fail to launch.
- items:
- description: Sysctl defines a kernel parameter to be set
+ volumeClaimTemplate:
+ description: A PVC spec to be used by the Prometheus StatefulSets.
properties:
- name:
- description: Name of a property to set
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
- value:
- description: Value of a property to set
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied to all containers.
- If unspecified, the options within a container's SecurityContext
- will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named by
- the GMSACredentialSpecName field. This field is alpha-level
- and is only honored by servers that enable the WindowsGMSA
- feature flag.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the GMSA
- credential spec to use. This field is alpha-level and is only
- honored by servers that enable the WindowsGMSA feature flag.
- type: string
- runAsUserName:
- description: The UserName in Windows to run the entrypoint of
- the container process. Defaults to the user specified in image
- metadata if unspecified. May also be set in PodSecurityContext.
- If set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence. This
- field is beta-level and may be disabled with the WindowsRunAsUserName
- feature flag.
- type: string
- type: object
- type: object
- serviceAccountName:
- description: ServiceAccountName is the name of the ServiceAccount to
- use to run the Thanos Ruler Pods.
- type: string
- storage:
- description: Storage spec to specify how storage shall be used.
- properties:
- emptyDir:
- description: 'EmptyDirVolumeSource to be used by the Prometheus
- StatefulSets. If specified, used in place of any volumeClaimTemplate.
- More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
- properties:
- medium:
- description: 'What type of storage medium should back this directory.
- The default is "" which means to use the node''s default medium.
- Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- description: 'Total amount of local storage required for this
- EmptyDir volume. The size limit is also applicable for memory
- medium. The maximum usage on memory medium EmptyDir would
- be the minimum value between the SizeLimit specified here
- and the sum of memory limits of all containers in a pod. The
- default is nil which means that the limit is undefined. More
- info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- type: string
- type: object
- volumeClaimTemplate:
- description: A PVC spec to be used by the Prometheus StatefulSets.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this
- representation of an object. Servers should convert recognized
- schemas to the latest internal value, and may reject unrecognized
- values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource
- this object represents. Servers may infer this from the endpoint
- the client submits requests to. Cannot be updated. In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
- type: object
- spec:
- description: 'Spec defines the desired characteristics of a
- volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- accessModes:
- description: 'AccessModes contains the desired access modes
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- dataSource:
- description: This field requires the VolumeSnapshotDataSource
- alpha feature gate to be enabled and currently VolumeSnapshot
- is the only supported data source. If the provisioner
- can support VolumeSnapshot data source, it will create
- a new volume and data will be restored to the volume at
- the same time. If the provisioner does not support VolumeSnapshot
- data source, volume will not be created and the failure
- will be reported as an event. In the future, we plan to
- support more data source types and the behavior of the
- provisioner may change.
- properties:
- apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified, the
- specified Kind must be in the core API group. For
- any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
+ metadata:
+ description: EmbeddedMetadata contains metadata relevant to
+ an EmbeddedResource.
+ properties:
+ annotations:
+ additionalProperties:
type: string
- name:
- description: Name is the name of resource being referenced
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata. They
+ are not queryable and should be preserved when modifying
+ objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- limits:
- additionalProperties:
- type: string
- description: 'Limits describes the maximum amount of
- compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- requests:
- additionalProperties:
- type: string
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is omitted
- for a container, it defaults to Limits if that is
- explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
- type: object
- type: object
- selector:
- description: A label query over volumes to consider for
- binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be empty.
- This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
- type: object
- type: object
- storageClassName:
- description: 'Name of the StorageClass required by the claim.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines what type of volume is required
- by the claim. Value of Filesystem is implied when not
- included in claim spec. This is a beta feature.
- type: string
- volumeName:
- description: VolumeName is the binding reference to the
- PersistentVolume backing this claim.
- type: string
- type: object
- status:
- description: 'Status represents the current information/status
- of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- accessModes:
- description: 'AccessModes contains the actual access modes
- the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- capacity:
- additionalProperties:
+ description: 'Map of string keys and values that can be
+ used to organize and categorize (scope and select) objects.
+ May match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace.
+ Is required when creating resources, although some resources
+ may allow a client to request the generation of an appropriate
+ name automatically. Name is primarily intended for creation
+ idempotence and configuration definition. Cannot be
+ updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
- description: Represents the actual resources of the underlying
- volume.
- type: object
- conditions:
- description: Current Condition of persistent volume claim.
- If underlying persistent volume is being resized then
- the Condition will be set to 'ResizeStarted'.
- items:
- description: PersistentVolumeClaimCondition contails details
- about state of pvc
+ type: object
+ spec:
+ description: 'Spec defines the desired characteristics of
+ a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'AccessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'This field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot
+ - Beta) * An existing PVC (PersistentVolumeClaim) *
+ An existing custom resource/object that implements data
+ population (Alpha) In order to use VolumeSnapshot object
+ types, the appropriate feature gate must be enabled
+ (VolumeSnapshotDataSource or AnyVolumeDataSource) If
+ the provisioner or an external controller can support
+ the specified data source, it will create a new volume
+ based on the contents of the specified data source.
+ If the specified data source is not supported, the volume
+ will not be created and the failure will be reported
+ as an event. In the future, we plan to support more
+ data source types and the behavior of the provisioner
+ may change.'
properties:
- lastProbeTime:
- description: Last time we probed the condition.
- format: date-time
- type: string
- lastTransitionTime:
- description: Last time the condition transitioned
- from one status to another.
- format: date-time
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
type: string
- message:
- description: Human-readable message indicating details
- about last transition.
+ kind:
+ description: Kind is the type of resource being referenced
type: string
- reason:
- description: Unique, this should be a short, machine
- understandable string that gives the reason for
- condition's last transition. If it reports "ResizeStarted"
- that means the underlying persistent volume is being
- resized.
- type: string
- status:
- type: string
- type:
- description: PersistentVolumeClaimConditionType is
- a valid value of PersistentVolumeClaimCondition.Type
+ name:
+ description: Name is the name of resource being referenced
type: string
required:
- - status
- - type
+ - kind
+ - name
type: object
- type: array
- phase:
- description: Phase represents the current phase of PersistentVolumeClaim.
- type: string
- type: object
- type: object
- type: object
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to tolerates any
- taint that matches the triple <key,value,effect> using the matching
- operator <operator>.
- properties:
- effect:
- description: Effect indicates the taint effect to match. Empty
- means match all taint effects. When specified, allowed values
- are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty, operator
- must be Exists; this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal. Exists
- is equivalent to wildcard for value, so that a pod can tolerate
- all taints of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period of time the
- toleration (which must be of effect NoExecute, otherwise this
- field is ignored) tolerates the taint. By default, it is not
- set, which means tolerate the taint forever (do not evict).
- Zero and negative values will be treated as 0 (evict immediately)
- by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise
- just a regular string.
- type: string
- type: object
- type: array
- tracingConfig:
- description: TracingConfig configures tracing in Thanos. This is an
- experimental feature, it may change in any upcoming release in a breaking
- way.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- volumes:
- description: Volumes allows configuration of additional volumes on the
- output StatefulSet definition. Volumes specified will be appended
- to other volumes that are generated as a result of StorageSpec objects.
- items:
- description: Volume represents a named volume in a pod that may be
- accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an AWS Disk resource
- that is attached to a kubelet''s host machine and then exposed
- to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- partition:
- description: 'The partition in the volume that you want to
- mount. If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for /dev/sda is
- "0" (or you can leave the property empty).'
- format: int32
- type: integer
- readOnly:
- description: 'Specify "true" to force and set the ReadOnly
- property in VolumeMounts to "true". If omitted, the default
- is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: boolean
- volumeID:
- description: 'Unique ID of the persistent disk resource in
- AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: AzureDisk represents an Azure Data Disk mount on
- the host and bind mount to the pod.
- properties:
- cachingMode:
- description: 'Host Caching mode: None, Read Only, Read Write.'
- type: string
- diskName:
- description: The Name of the data disk in the blob storage
- type: string
- diskURI:
- description: The URI the data disk in the blob storage
- type: string
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- kind:
- description: 'Expected values Shared: multiple blob disks
- per storage account Dedicated: single blob disk per storage
- account Managed: azure managed data disk (only in managed
- availability set). defaults to shared'
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: AzureFile represents an Azure File Service mount
- on the host and bind mount to the pod.
- properties:
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: the name of secret that contains Azure Storage
- Account Name and Key
- type: string
- shareName:
- description: Share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: CephFS represents a Ceph FS mount on the host that
- shares a pod's lifetime
- properties:
- monitors:
- description: 'Required: Monitors is a collection of Ceph monitors
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- items:
- type: string
- type: array
- path:
- description: 'Optional: Used as the mounted root, rather than
- the full Ceph tree, default is /'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts. More
- info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: boolean
- secretFile:
- description: 'Optional: SecretFile is the path to key ring
- for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- secretRef:
- description: 'Optional: SecretRef is reference to the authentication
- secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ resources:
+ description: 'Resources represents the minimum resources
+ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ type: string
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ type: object
+ type: object
+ selector:
+ description: A label query over volumes to consider for
+ binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'Name of the StorageClass required by the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
- type: object
- user:
- description: 'Optional: User is the rados user name, default
- is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: 'Cinder represents a cinder volume attached and mounted
- on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- properties:
- fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts. More
- info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: boolean
- secretRef:
- description: 'Optional: points to a secret object containing
- parameters used to connect to OpenStack.'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: VolumeName is the binding reference to the
+ PersistentVolume backing this claim.
type: string
type: object
- volumeID:
- description: 'volume id used to identify the volume in cinder.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: ConfigMap represents a configMap that should populate
- this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value pair in the Data
- field of the referenced ConfigMap will be projected into
- the volume as a file whose name is the key and content is
- the value. If specified, the listed keys will be projected
- into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the
- ConfigMap, the volume setup will error unless it is marked
- optional. Paths must be relative and may not contain the
- '..' path or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
- properties:
- key:
- description: The key to project.
+ status:
+ description: 'Status represents the current information/status
+ of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'AccessModes contains the actual access modes
+ the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
type: string
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the
- key to. May not be an absolute path. May not contain
- the path element '..'. May not start with the string
- '..'.
+ type: array
+ capacity:
+ additionalProperties:
type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its keys must
- be defined
- type: boolean
- type: object
- csi:
- description: CSI (Container Storage Interface) represents storage
- that is handled by an external CSI driver (Alpha feature).
- properties:
- driver:
- description: Driver is the name of the CSI driver that handles
- this volume. Consult with your admin for the correct name
- as registered in the cluster.
- type: string
- fsType:
- description: Filesystem type to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is passed to the
- associated CSI driver which will determine the default filesystem
- to apply.
- type: string
- nodePublishSecretRef:
- description: NodePublishSecretRef is a reference to the secret
- object containing sensitive information to pass to the CSI
- driver to complete the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be empty if no secret
- is required. If the secret object contains more than one
- secret, all secret references are passed.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- readOnly:
- description: Specifies a read-only configuration for the volume.
- Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: VolumeAttributes stores driver-specific properties
- that are passed to the CSI driver. Consult your driver's
- documentation for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: DownwardAPI represents downward API about the pod
- that should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: Items is a list of downward API volume file
- items:
- description: DownwardAPIVolumeFile represents information
- to create the file containing the pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of the pod:
- only annotations, labels, name and namespace are supported.'
+ description: Represents the actual resources of the underlying
+ volume.
+ type: object
+ conditions:
+ description: Current Condition of persistent volume claim.
+ If underlying persistent volume is being resized then
+ the Condition will be set to 'ResizeStarted'.
+ items:
+ description: PersistentVolumeClaimCondition contails
+ details about state of pvc
properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
+ lastProbeTime:
+ description: Last time we probed the condition.
+ format: date-time
type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
+ lastTransitionTime:
+ description: Last time the condition transitioned
+ from one status to another.
+ format: date-time
type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative path name
- of the file to be created. Must not be absolute or
- contain the ''..'' path. Must be utf-8 encoded. The
- first item of the relative path must not start with
- ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are currently supported.'
- properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
+ message:
+ description: Human-readable message indicating details
+ about last transition.
+ type: string
+ reason:
+ description: Unique, this should be a short, machine
+ understandable string that gives the reason for
+ condition's last transition. If it reports "ResizeStarted"
+ that means the underlying persistent volume is
+ being resized.
type: string
- divisor:
- description: Specifies the output format of the
- exposed resources, defaults to "1"
+ status:
type: string
- resource:
- description: 'Required: resource to select'
+ type:
+ description: PersistentVolumeClaimConditionType
+ is a valid value of PersistentVolumeClaimCondition.Type
type: string
required:
- - resource
+ - status
+ - type
type: object
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: 'EmptyDir represents a temporary directory that shares
- a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- properties:
- medium:
- description: 'What type of storage medium should back this
- directory. The default is "" which means to use the node''s
- default medium. Must be an empty string (default) or Memory.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- description: 'Total amount of local storage required for this
- EmptyDir volume. The size limit is also applicable for memory
- medium. The maximum usage on memory medium EmptyDir would
- be the minimum value between the SizeLimit specified here
- and the sum of memory limits of all containers in a pod.
- The default is nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- type: string
+ type: array
+ phase:
+ description: Phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ type: object
type: object
- fc:
- description: FC represents a Fibre Channel resource that is attached
- to a kubelet's host machine and then exposed to the pod.
- properties:
- fsType:
- description: 'Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- lun:
- description: 'Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.'
- type: boolean
- targetWWNs:
- description: 'Optional: FC target worldwide names (WWNs)'
- items:
+ type: object
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ tracingConfig:
+ description: TracingConfig configures tracing in Thanos. This is an
+ experimental feature, it may change in any upcoming release in a
+ breaking way.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ volumes:
+ description: Volumes allows configuration of additional volumes on
+ the output StatefulSet definition. Volumes specified will be appended
+ to other volumes that are generated as a result of StorageSpec objects.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
type: string
- type: array
- wwids:
- description: 'Optional: FC volume world wide identifiers (wwids)
- Either wwids or combination of targetWWNs and lun must be
- set, but not both simultaneously.'
- items:
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify the
+ partition as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force and set the ReadOnly
+ property in VolumeMounts to "true". If omitted, the default
+ is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent disk resource
+ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
- type: array
- type: object
- flexVolume:
- description: FlexVolume represents a generic volume resource that
- is provisioned/attached using an exec based plugin.
- properties:
- driver:
- description: Driver is the name of the driver to use for this
- volume.
- type: string
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends on FlexVolume
- script.
- type: string
- options:
- additionalProperties:
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None, Read Only, Read Write.'
type: string
- description: 'Optional: Extra command options if any.'
- type: object
- readOnly:
- description: 'Optional: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.'
- type: boolean
- secretRef:
- description: 'Optional: SecretRef is reference to the secret
- object containing sensitive information to pass to the plugin
- scripts. This may be empty if no secret object is specified.
- If the secret object contains more than one secret, all
- secrets are passed to the plugin scripts.'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ diskName:
+ description: The Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared: multiple blob disks
+ per storage account Dedicated: single blob disk per storage
+ account Managed: azure managed data disk (only in managed
+ availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that contains Azure Storage
+ Account Name and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is a collection of Ceph
+ monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
type: string
- type: object
- required:
- - driver
- type: object
- flocker:
- description: Flocker represents a Flocker volume attached to a
- kubelet's host machine. This depends on the Flocker control
- service being running
- properties:
- datasetName:
- description: Name of the dataset stored as metadata -> name
- on the dataset for Flocker should be considered as deprecated
- type: string
- datasetUUID:
- description: UUID of the dataset. This is unique identifier
- of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE Disk resource
- that is attached to a kubelet''s host machine and then exposed
- to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- partition:
- description: 'The partition in the volume that you want to
- mount. If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for /dev/sda is
- "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: 'Unique name of the PD resource in GCE. Used
- to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: 'GitRepo represents a git repository at a particular
- revision. DEPRECATED: GitRepo is deprecated. To provision a
- container with a git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the EmptyDir into
- the Pod''s container.'
- properties:
- directory:
- description: Target directory name. Must not contain or start
- with '..'. If '.' is supplied, the volume directory will
- be the git repository. Otherwise, if specified, the volume
- will contain the git repository in the subdirectory with
- the given name.
- type: string
- repository:
- description: Repository URL
- type: string
- revision:
- description: Commit hash for the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: 'Glusterfs represents a Glusterfs mount on the host
- that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
- properties:
- endpoints:
- description: 'EndpointsName is the endpoint name that details
- Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- path:
- description: 'Path is the Glusterfs volume path. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- readOnly:
- description: 'ReadOnly here will force the Glusterfs volume
- to be mounted with read-only permissions. Defaults to false.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: 'HostPath represents a pre-existing file or directory
- on the host machine that is directly exposed to the container.
- This is generally used for system agents or other privileged
- things that are allowed to see the host machine. Most containers
- will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can use host directory
- mounts and who can/can not mount host directories as read/write.'
- properties:
- path:
- description: 'Path of the directory on the host. If the path
- is a symlink, it will follow the link to the real path.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- type:
- description: 'Type for HostPath Volume Defaults to "" More
- info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: 'ISCSI represents an ISCSI Disk resource that is
- attached to a kubelet''s host machine and then exposed to the
- pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
- properties:
- chapAuthDiscovery:
- description: whether support iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: whether support iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- initiatorName:
- description: Custom iSCSI Initiator Name. If initiatorName
- is specified with iscsiInterface simultaneously, new iSCSI
- interface <target portal>:<volume name> will be created
- for the connection.
- type: string
- iqn:
- description: Target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iSCSI Interface Name that uses an iSCSI transport.
- Defaults to 'default' (tcp).
- type: string
- lun:
- description: iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: iSCSI Target Portal List. The portal is either
- an IP or ip_addr:port if the port is other than default
- (typically TCP ports 860 and 3260).
+ type: array
+ path:
+ description: 'Optional: Used as the mounted root, rather
+ than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile is the path to key ring
+ for User, default is /etc/ceph/user.secret More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef is reference to the authentication
+ secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the rados user name, default
+ is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to a secret object containing
+ parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in the
+ Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map
+ the key to. May not be an absolute path. May not
+ contain the path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its keys must
+ be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface) represents storage
+ that is handled by an external CSI driver (Alpha feature).
+ properties:
+ driver:
+ description: Driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed to
+ the associated CSI driver which will determine the default
+ filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only configuration for the
+ volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage medium should back this
+ directory. The default is "" which means to use the node''s
+ default medium. Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ description: 'Total amount of local storage required for
+ this EmptyDir volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory medium
+ EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the limit
+ is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ type: string
+ type: object
+ fc:
+ description: FC represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef is reference to the secret
+ object containing sensitive information to pass to the
+ plugin scripts. This may be empty if no secret object
+ is specified. If the secret object contains more than
+ one secret, all secrets are passed to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored as metadata -> name
+ on the dataset for Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'The partition in the volume that you want
+ to mount. If omitted, the default is to mount by volume
+ name. Examples: For volume /dev/sda1, you specify the
+ partition as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD resource in GCE. Used
+ to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name. Must not contain or
+ start with '..'. If '.' is supplied, the volume directory
+ will be the git repository. Otherwise, if specified,
+ the volume will contain the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously, new iSCSI
+ interface <target portal>:<volume name> will be created
+ for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List. The portal is either
+ an IP or ip_addr:port if the port is other than default
+ (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI target and initiator
+ authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal. The Portal is either an
+ IP or ip_addr:port if the port is other than default (typically
+ TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon Controller persistent
+ disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources secrets, configmaps,
+ and downward API
+ properties:
+ defaultMode:
+ description: Mode bits to use on created files by default.
+ Must be a value between 0 and 0777. Directories within
+ the path are not affected by this setting. This might
+ be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits
+ set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: information about the configMap data
+ to project
+ properties:
+ items:
+ description: If unspecified, each key-value pair
+ in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file
+ to map the key to. May not be an absolute
+ path. May not contain the path element
+ '..'. May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about the downwardAPI data
+ to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ type: string
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about the secret data to
+ project
+ properties:
+ items:
+ description: If unspecified, each key-value pair
+ in the Data field of the referenced Secret will
+ be projected into the volume as a file whose
+ name is the key and content is the value. If
+ specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use
+ on this file, must be a value between
+ 0 and 0777. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file
+ to map the key to. May not be an absolute
+ path. May not contain the path element
+ '..'. May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: Audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ required:
+ - sources
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: Group to map volume access to Default is no
+ group
type: string
- type: array
- readOnly:
- description: ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: CHAP Secret for iSCSI target and initiator authentication
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ readOnly:
+ description: ReadOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: Registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: Tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: Volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the volume that you want
+ to mount. Tip: Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph monitors. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
type: string
- type: object
- targetPortal:
- description: iSCSI Target Portal. The Portal is either an
- IP or ip_addr:port if the port is other than default (typically
- TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: 'Volume''s name. Must be a DNS_LABEL and unique within
- the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- nfs:
- description: 'NFS represents an NFS mount on the host that shares
- a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'Path that is exported by the NFS server. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'ReadOnly here will force the NFS export to be
- mounted with read-only permissions. Defaults to false. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'Server is the hostname or IP address of the
- NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource represents a reference
- to a PersistentVolumeClaim in the same namespace. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this volume. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: Will force the ReadOnly setting in VolumeMounts.
- Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: ID that identifies Photon Controller persistent
- disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: PortworxVolume represents a portworx volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: FSType represents the filesystem type to mount
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: VolumeID uniquely identifies a Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: Items for all in one resources secrets, configmaps,
- and downward API
- properties:
- defaultMode:
- description: Mode bits to use on created files by default.
- Must be a value between 0 and 0777. Directories within the
- path are not affected by this setting. This might be in
- conflict with other options that affect the file mode, like
- fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: list of volume projections
- items:
- description: Projection that may be projected along with
- other supported volume types
+ type: array
+ pool:
+ description: 'The rados pool name. Default is rbd. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
- configMap:
- description: information about the configMap data to
- project
- properties:
- items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced ConfigMap
- will be projected into the volume as a file whose
- name is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present.
- If a key is specified which is not present in
- the ConfigMap, the volume setup will error unless
- it is marked optional. Paths must be relative
- and may not contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its
- keys must be defined
- type: boolean
- type: object
- downwardAPI:
- description: information about the downwardAPI data
- to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing the
- pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of
- the pod: only annotations, labels, name
- and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative
- path name of the file to be created. Must
- not be absolute or contain the ''..'' path.
- Must be utf-8 encoded. The first item of
- the relative path must not start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, requests.cpu and requests.memory)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- type: string
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: information about the secret data to project
- properties:
- items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced Secret will
- be projected into the volume as a file whose name
- is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present.
- If a key is specified which is not present in
- the Secret, the volume setup will error unless
- it is marked optional. Paths must be relative
- and may not contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on
- this file, must be a value between 0 and
- 0777. If not specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- type: object
- serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
- properties:
- audience:
- description: Audience is the intended audience of
- the token. A recipient of a token must identify
- itself with an identifier specified in the audience
- of the token, and otherwise should reject the
- token. The audience defaults to the identifier
- of the apiserver.
- type: string
- expirationSeconds:
- description: ExpirationSeconds is the requested
- duration of validity of the service account token.
- As the token approaches expiration, the kubelet
- volume plugin will proactively rotate the service
- account token. The kubelet will start trying to
- rotate the token if the token is older than 80
- percent of its time to live or if the token is
- older than 24 hours.Defaults to 1 hour and must
- be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: Path is the path relative to the mount
- point of the file to project the token into.
- type: string
- required:
- - path
- type: object
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
type: object
- type: array
- required:
- - sources
- type: object
- quobyte:
- description: Quobyte represents a Quobyte mount on the host that
- shares a pod's lifetime
- properties:
- group:
- description: Group to map volume access to Default is no group
- type: string
- readOnly:
- description: ReadOnly here will force the Quobyte volume to
- be mounted with read-only permissions. Defaults to false.
- type: boolean
- registry:
- description: Registry represents a single or multiple Quobyte
- Registry services specified as a string as host:port pair
- (multiple entries are separated with commas) which acts
- as the central registry for volumes
- type: string
- tenant:
- description: Tenant owning the given Quobyte volume in the
- Backend Used with dynamically provisioned Quobyte volumes,
- value is set by the plugin
- type: string
- user:
- description: User to map volume access to Defaults to serivceaccount
- user
- type: string
- volume:
- description: Volume is a string that references an already
- created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'RBD represents a Rados Block Device mount on the
- host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want
- to mount. Tip: Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- image:
- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'Keyring is the path to key ring for RBDUser.
- Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
+ user:
+ description: 'The rados user name. Default is admin. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
- type: array
- pool:
- description: 'The rados pool name. Default is rbd. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'SecretRef is name of the authentication secret
- for RBDUser. If provided overrides keyring. Default is nil.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- user:
- description: 'The rados user name. Default is admin. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: ScaleIO represents a ScaleIO persistent volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: The host address of the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: The name of the ScaleIO Protection Domain for
- the configured storage.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef references to the secret for ScaleIO
- user and other sensitive information. If this is not provided,
- Login operation will fail.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- sslEnabled:
- description: Flag to enable/disable SSL communication with
- Gateway, default false
- type: boolean
- storageMode:
- description: Indicates whether the storage for a volume should
- be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: The ScaleIO Storage Pool associated with the
- protection domain.
- type: string
- system:
- description: The name of the storage system as configured
- in ScaleIO.
- type: string
- volumeName:
- description: The name of a volume already created in the ScaleIO
- system that is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'Secret represents a secret that should populate
- this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a value between 0 and 0777. Defaults
- to 0644. Directories within the path are not affected by
- this setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value pair in the Data
- field of the referenced Secret will be projected into the
- volume as a file whose name is the key and content is the
- value. If specified, the listed keys will be projected into
- the specified paths, and unlisted keys will not be present.
- If a key is specified which is not present in the Secret,
- the volume setup will error unless it is marked optional.
- Paths must be relative and may not contain the '..' path
- or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: The host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO Protection Domain for
+ the configured storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
properties:
- key:
- description: The key to project.
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- mode:
- description: 'Optional: mode bits to use on this file,
- must be a value between 0 and 0777. If not specified,
- the volume defaultMode will be used. This might be
- in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode
- bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the
- key to. May not be an absolute path. May not contain
- the path element '..'. May not start with the string
- '..'.
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable SSL communication with
+ Gateway, default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the storage for a volume
+ should be ThickProvisioned or ThinProvisioned. Default
+ is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool associated with the
+ protection domain.
+ type: string
+ system:
+ description: The name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume already created in the
+ ScaleIO system that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a value between 0 and 0777. Defaults
+ to 0644. Directories within the path are not affected
+ by this setting. This might be in conflict with other
+ options that affect the file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each key-value pair in the
+ Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode bits to use on this file,
+ must be a value between 0 and 0777. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path of the file to map
+ the key to. May not be an absolute path. May not
+ contain the path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret or its keys must
+ be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in the pod''s namespace
+ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
- required:
- - key
- - path
type: object
- type: array
- optional:
- description: Specify whether the Secret or its keys must be
- defined
- type: boolean
- secretName:
- description: 'Name of the secret in the pod''s namespace to
- use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: StorageOS represents a StorageOS volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here
- will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef specifies the secret to use for obtaining
- the StorageOS API credentials. If not specified, default
- values will be attempted.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- volumeName:
- description: VolumeName is the human-readable name of the
- StorageOS volume. Volume names are only unique within a
- namespace.
- type: string
- volumeNamespace:
- description: VolumeNamespace specifies the scope of the volume
- within StorageOS. If no namespace is specified then the
- Pod's namespace will be used. This allows the Kubernetes
- name scoping to be mirrored within StorageOS for tighter
- integration. Set VolumeName to any name to override the
- default behaviour. Set to "default" if you are not using
- namespaces within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: VsphereVolume represents a vSphere volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem
- type supported by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: Storage Policy Based Management (SPBM) profile
- ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: Storage Policy Based Management (SPBM) profile
- name.
- type: string
- volumePath:
- description: Path that identifies vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- status:
- description: 'Most recent observed status of the ThanosRuler cluster. Read-only.
- Not included when requesting from the apiserver, only from the ThanosRuler
- Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- availableReplicas:
- description: Total number of available pods (ready for at least minReadySeconds)
- targeted by this ThanosRuler deployment.
- format: int32
- type: integer
- paused:
- description: Represents whether any actions on the underlying managed
- objects are being performed. Only delete actions will be performed.
- type: boolean
- replicas:
- description: Total number of non-terminated pods targeted by this ThanosRuler
- deployment (their labels match the selector).
- format: int32
- type: integer
- unavailableReplicas:
- description: Total number of unavailable pods targeted by this ThanosRuler
- deployment.
- format: int32
- type: integer
- updatedReplicas:
- description: Total number of non-terminated pods targeted by this ThanosRuler
- deployment that have the desired version spec.
- format: int32
- type: integer
- required:
- - availableReplicas
- - paused
- - replicas
- - unavailableReplicas
- - updatedReplicas
- type: object
- required:
- - spec
- type: object
- version: v1
- versions:
- - name: v1
+ volumeName:
+ description: VolumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount. Must be a filesystem
+ type supported by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based Management (SPBM) profile
+ ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based Management (SPBM) profile
+ name.
+ type: string
+ volumePath:
+ description: Path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ status:
+ description: 'Most recent observed status of the ThanosRuler cluster.
+ Read-only. Not included when requesting from the apiserver, only from
+ the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ availableReplicas:
+ description: Total number of available pods (ready for at least minReadySeconds)
+ targeted by this ThanosRuler deployment.
+ format: int32
+ type: integer
+ paused:
+ description: Represents whether any actions on the underlying managed
+ objects are being performed. Only delete actions will be performed.
+ type: boolean
+ replicas:
+ description: Total number of non-terminated pods targeted by this
+ ThanosRuler deployment (their labels match the selector).
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: Total number of unavailable pods targeted by this ThanosRuler
+ deployment.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated pods targeted by this
+ ThanosRuler deployment that have the desired version spec.
+ format: int32
+ type: integer
+ required:
+ - availableReplicas
+ - paused
+ - replicas
+ - unavailableReplicas
+ - updatedReplicas
+ type: object
+ required:
+ - spec
+ type: object
served: true
storage: true
status:
diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml
index f42e2fe3ef827b50cfef7aa8f62cdcad3303d090..6afaa774935ff4ded6bf773ddd4cd83d9961c9d4 100644
--- a/manifests/setup/prometheus-operator-clusterRole.yaml
+++ b/manifests/setup/prometheus-operator-clusterRole.yaml
@@ -4,29 +4,9 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.38.1
+ app.kubernetes.io/version: v0.39.0
name: prometheus-operator
rules:
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - create
-- apiGroups:
- - apiextensions.k8s.io
- resourceNames:
- - alertmanagers.monitoring.coreos.com
- - podmonitors.monitoring.coreos.com
- - prometheuses.monitoring.coreos.com
- - prometheusrules.monitoring.coreos.com
- - servicemonitors.monitoring.coreos.com
- - thanosrulers.monitoring.coreos.com
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - update
- apiGroups:
- monitoring.coreos.com
resources:
diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml
index 765d3b6f09939e5499f1c55b0ebd55a2d68c2bb0..c493a746c20718ed5629c5033289d8f01cc1aeaf 100644
--- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml
+++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.38.1
+ app.kubernetes.io/version: v0.39.0
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml
index e234a1d73cbd5f4c995c185deb7407c40919ddb0..1bfb05c4c56961f5f844cd60577ed53856882f58 100644
--- a/manifests/setup/prometheus-operator-deployment.yaml
+++ b/manifests/setup/prometheus-operator-deployment.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.38.1
+ app.kubernetes.io/version: v0.39.0
name: prometheus-operator
namespace: monitoring
spec:
@@ -18,15 +18,15 @@ spec:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.38.1
+ app.kubernetes.io/version: v0.39.0
spec:
containers:
- args:
- --kubelet-service=kube-system/kubelet
- --logtostderr=true
- --config-reloader-image=jimmidyson/configmap-reload:v0.3.0
- - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.38.1
- image: quay.io/coreos/prometheus-operator:v0.38.1
+ - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.39.0
+ image: quay.io/coreos/prometheus-operator:v0.39.0
name: prometheus-operator
ports:
- containerPort: 8080
diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml
index 1e9fd769fe32d7c6aff7b8280ba91674f6071f46..c3c3debb2cfbf7aa4b123931fd2d5c59116cf0d7 100644
--- a/manifests/setup/prometheus-operator-service.yaml
+++ b/manifests/setup/prometheus-operator-service.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.38.1
+ app.kubernetes.io/version: v0.39.0
name: prometheus-operator
namespace: monitoring
spec:
diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml
index bf622bf56189f7b951be18afa215fe0ceb8327bc..39d14d95e3e285a320654ab69d25199767178b9a 100644
--- a/manifests/setup/prometheus-operator-serviceAccount.yaml
+++ b/manifests/setup/prometheus-operator-serviceAccount.yaml
@@ -4,6 +4,6 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.38.1
+ app.kubernetes.io/version: v0.39.0
name: prometheus-operator
namespace: monitoring