From ded3f7bda8cb1809d9d8604443e67d74dc3547f3 Mon Sep 17 00:00:00 2001
From: Philip Gough <philip.p.gough@gmail.com>
Date: Thu, 16 Dec 2021 12:10:11 +0000
Subject: [PATCH] Sync dependencies prior to release-0.10
---
jsonnetfile.lock.json | 32 +-
...0alertmanagerCustomResourceDefinition.yaml | 363 +++++++++++++-----
.../0prometheusCustomResourceDefinition.yaml | 363 +++++++++++++-----
.../0thanosrulerCustomResourceDefinition.yaml | 363 +++++++++++++-----
4 files changed, 817 insertions(+), 304 deletions(-)
diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index 7b06c7be..ee529760 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -18,8 +18,8 @@
"subdir": "contrib/mixin"
}
},
- "version": "29292aa7bdafaf65cb5e054591fe0ff07b36f5ee",
- "sum": "cdKL5kPYfpWSpTCu4qctmh+gWQqL+4YWom6rw9qLYJU="
+ "version": "73080a716634f45d50d0593e0454ed3206a52f5b",
+ "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
},
{
"source": {
@@ -38,7 +38,7 @@
"subdir": "grafana-builder"
}
},
- "version": "b102f9ac7d1290ac025c2a7ac99f7fd9a9948503",
+ "version": "3f17cac91d85f4e79d00373e3a8e7ad82d9cefbf",
"sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc="
},
{
@@ -48,8 +48,8 @@
"subdir": ""
}
},
- "version": "9821d07e94e9a9916575a234fb699ae3331fa939",
- "sum": "xubNXyvDwUw9GZzi9BRb6ob3bYzfoMr5F5zCVn2d7ag="
+ "version": "b538a10c89508f8d12885680cca72a134d3127f5",
+ "sum": "GLt5T2k4RKg36Gfcaf9qlTfVumDitqotVD0ipz/bPJ4="
},
{
"source": {
@@ -58,7 +58,7 @@
"subdir": "lib/promgrafonnet"
}
},
- "version": "9821d07e94e9a9916575a234fb699ae3331fa939",
+ "version": "fd913499e956da06f520c3784c59573ee552b152",
"sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps="
},
{
@@ -68,7 +68,7 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
- "version": "b761b5382bdd85d7af915516f48cba1c46859c1d",
+ "version": "b550d7a3bce031bdb51c4bf21cc992a785fc3188",
"sum": "U1wzIpTAtOvC1yj43Y8PfvT0JfvnAcMfNH12Wi+ab0Y="
},
{
@@ -78,7 +78,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
- "version": "b761b5382bdd85d7af915516f48cba1c46859c1d",
+ "version": "b550d7a3bce031bdb51c4bf21cc992a785fc3188",
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
},
{
@@ -88,7 +88,7 @@
"subdir": "jsonnet/mixin"
}
},
- "version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
+ "version": "1b4cc829251a4c129615efe707d9403c7248888e",
"sum": "qZ4WgiweaE6eeKtFK60QUjLO8sf2L9Q8fgafWvDcyfY=",
"name": "prometheus-operator-mixin"
},
@@ -99,8 +99,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
- "version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
- "sum": "Vr2IY6Uz1lYYyGDF7QaEAVkJwAtOEikCfuXJN2eAUM0="
+ "version": "1b4cc829251a4c129615efe707d9403c7248888e",
+ "sum": "9R1mw4Tz0/1V1QWkJMzqE4+iXXONEfYVikW8Mj5AOcA="
},
{
"source": {
@@ -109,7 +109,7 @@
"subdir": "doc/alertmanager-mixin"
}
},
- "version": "e2a10119aaf7777fa523d216e05897c5b719134c",
+ "version": "16fa045db47d68a09a102c7b80b8899c1f57c153",
"sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=",
"name": "alertmanager"
},
@@ -120,7 +120,7 @@
"subdir": "docs/node-mixin"
}
},
- "version": "7dbf35891570f9ce3bccb25a55176ea4923b35dd",
+ "version": "a2321e7b940ddcff26873612bccdf7cd4c42b6b6",
"sum": "MlWDAKGZ+JArozRKdKEvewHeWn8j2DNBzesJfLVd0dk="
},
{
@@ -130,7 +130,7 @@
"subdir": "documentation/prometheus-mixin"
}
},
- "version": "6f3e664ae712850b020d95c5c8b8a6ff841803bd",
+ "version": "67a64ee092b79e797ea9aa46856a15c435093c7e",
"sum": "ZjQoYhvgKwJNkg+h+m9lW3SYjnjv5Yx5btEipLhru88=",
"name": "prometheus"
},
@@ -141,8 +141,8 @@
"subdir": "mixin"
}
},
- "version": "9a26b0edee19a06c6e99a09e33ebceca734c91f9",
- "sum": "1Y1cPIeoPg2nCAEhKPCt8bAGuwuOP2eZ3kVF432mlMA=",
+ "version": "632032712f12eea0015aaef24ee1e14f38ef3e55",
+ "sum": "X+060DnePPeN/87fgj0SrfxVitywTk8hZA9V4nHxl1g=",
"name": "thanos-mixin"
},
{
diff --git a/manifests/setup/0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/0alertmanagerCustomResourceDefinition.yaml
index c075d078..f48b94bc 100644
--- a/manifests/setup/0alertmanagerCustomResourceDefinition.yaml
+++ b/manifests/setup/0alertmanagerCustomResourceDefinition.yaml
@@ -1222,8 +1222,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1284,9 +1283,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1309,18 +1309,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period.
- Other management of the container blocks until the hook
- completes or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1381,9 +1379,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1408,8 +1407,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1430,6 +1428,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1493,9 +1510,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -1593,8 +1609,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1615,6 +1630,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1678,9 +1712,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -1761,12 +1794,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
- the container runtime.
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -1786,25 +1821,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
- root on the host. Defaults to false.
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
- feature flag to be enabled.
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
- filesystem. Default is false.
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -1822,7 +1861,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -1831,7 +1871,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -1854,6 +1895,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -1879,6 +1922,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -1924,8 +1969,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1946,6 +1990,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2009,9 +2072,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2416,8 +2478,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2478,9 +2539,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2503,18 +2565,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period.
- Other management of the container blocks until the hook
- completes or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2575,9 +2635,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2602,8 +2663,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2624,6 +2684,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2687,9 +2766,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2787,8 +2865,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2809,6 +2886,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2872,9 +2968,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2955,12 +3050,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
- the container runtime.
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -2980,25 +3077,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
- root on the host. Defaults to false.
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
- feature flag to be enabled.
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
- filesystem. Default is false.
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3016,7 +3117,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3025,7 +3127,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -3048,6 +3151,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3073,6 +3178,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3118,8 +3225,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3140,6 +3246,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3203,9 +3328,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3483,7 +3607,8 @@ spec:
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
- any volume."
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -3493,13 +3618,15 @@ spec:
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
- If not specified, "Always" is used.'
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3516,7 +3643,8 @@ spec:
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3525,6 +3653,7 @@ spec:
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies to
@@ -3545,7 +3674,8 @@ spec:
type: object
seccompProfile:
description: The seccomp options to use by the containers in this
- pod.
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3567,7 +3697,8 @@ spec:
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
- unspecified, no groups will be added to any container.
+ unspecified, no groups will be added to any container. Note
+ that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -3575,7 +3706,8 @@ spec:
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
- might fail to launch.
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be set
properties:
@@ -3594,7 +3726,8 @@ spec:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3789,7 +3922,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4004,7 +4141,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4100,6 +4241,27 @@ spec:
items:
type: string
type: array
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: The storage resource within AllocatedResources
+ tracks the capacity allocated to a PVC. It may be larger
+ than the actual capacity when a volume expansion operation
+ is requested. For storage quota, the larger value from
+ allocatedResources and PVC.spec.resources is used. If
+ allocatedResources is not set, PVC.spec.resources alone
+ is used for quota calculation. If a volume expansion
+ capacity request is lowered, allocatedResources is only
+ lowered if there are no expansion operations in progress
+ and if the actual volume capacity is equal or lower
+ than the requested capacity. This is an alpha field
+ and requires enabling RecoverVolumeExpansionFailure
+ feature.
+ type: object
capacity:
additionalProperties:
anyOf:
@@ -4152,6 +4314,13 @@ spec:
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
+ resizeStatus:
+ description: ResizeStatus stores status of resize operation.
+ ResizeStatus is not set by default but when expansion
+ is complete resizeStatus is set to empty string by resize
+ controller or kubelet. This is an alpha field and requires
+ enabling RecoverVolumeExpansionFailure feature.
+ type: string
type: object
type: object
type: object
@@ -4284,7 +4453,7 @@ spec:
tells the scheduler to schedule the pod in any location, but
giving higher precedence to topologies that would help reduce
the skew. A constraint is considered "Unsatisfiable" for
- an incoming pod if and only if every possible node assigment
+ an incoming pod if and only if every possible node assignment
for that pod would violate "MaxSkew" on some topology. For
example, in a 3-zone cluster, MaxSkew is set to 1, and pods
with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -4747,9 +4916,7 @@ spec:
volumes if the CSI driver is meant to be used that way - see
the documentation of the driver for more information. \n A
pod can use both types of ephemeral volumes and persistent
- volumes at the same time. \n This is a beta feature and only
- available when the GenericEphemeralVolume feature gate is
- enabled."
+ volumes at the same time."
properties:
volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to
@@ -4866,7 +5033,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
diff --git a/manifests/setup/0prometheusCustomResourceDefinition.yaml b/manifests/setup/0prometheusCustomResourceDefinition.yaml
index f1dca49c..e90e05ae 100644
--- a/manifests/setup/0prometheusCustomResourceDefinition.yaml
+++ b/manifests/setup/0prometheusCustomResourceDefinition.yaml
@@ -1636,8 +1636,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1698,9 +1697,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1723,18 +1723,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period.
- Other management of the container blocks until the hook
- completes or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1795,9 +1793,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1822,8 +1821,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1844,6 +1842,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1907,9 +1924,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2007,8 +2023,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2029,6 +2044,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2092,9 +2126,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2175,12 +2208,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
- the container runtime.
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -2200,25 +2235,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
- root on the host. Defaults to false.
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
- feature flag to be enabled.
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
- filesystem. Default is false.
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -2236,7 +2275,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -2245,7 +2285,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -2268,6 +2309,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -2293,6 +2336,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -2338,8 +2383,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2360,6 +2404,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2423,9 +2486,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2921,8 +2983,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2983,9 +3044,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -3008,18 +3070,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period.
- Other management of the container blocks until the hook
- completes or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3080,9 +3140,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -3107,8 +3168,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3129,6 +3189,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3192,9 +3271,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3292,8 +3370,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3314,6 +3391,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3377,9 +3473,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3460,12 +3555,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
- the container runtime.
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -3485,25 +3582,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
- root on the host. Defaults to false.
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
- feature flag to be enabled.
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
- filesystem. Default is false.
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3521,7 +3622,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3530,7 +3632,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -3553,6 +3656,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3578,6 +3683,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3623,8 +3730,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3645,6 +3751,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3708,9 +3833,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -5182,7 +5306,8 @@ spec:
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
- any volume."
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -5192,13 +5317,15 @@ spec:
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
- If not specified, "Always" is used.'
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -5215,7 +5342,8 @@ spec:
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -5224,6 +5352,7 @@ spec:
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies to
@@ -5244,7 +5373,8 @@ spec:
type: object
seccompProfile:
description: The seccomp options to use by the containers in this
- pod.
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -5266,7 +5396,8 @@ spec:
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
- unspecified, no groups will be added to any container.
+ unspecified, no groups will be added to any container. Note
+ that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -5274,7 +5405,8 @@ spec:
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
- might fail to launch.
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be set
properties:
@@ -5293,7 +5425,8 @@ spec:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -5589,7 +5722,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -5804,7 +5941,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -5900,6 +6041,27 @@ spec:
items:
type: string
type: array
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: The storage resource within AllocatedResources
+ tracks the capacity allocated to a PVC. It may be larger
+ than the actual capacity when a volume expansion operation
+ is requested. For storage quota, the larger value from
+ allocatedResources and PVC.spec.resources is used. If
+ allocatedResources is not set, PVC.spec.resources alone
+ is used for quota calculation. If a volume expansion
+ capacity request is lowered, allocatedResources is only
+ lowered if there are no expansion operations in progress
+ and if the actual volume capacity is equal or lower
+ than the requested capacity. This is an alpha field
+ and requires enabling RecoverVolumeExpansionFailure
+ feature.
+ type: object
capacity:
additionalProperties:
anyOf:
@@ -5952,6 +6114,13 @@ spec:
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
+ resizeStatus:
+ description: ResizeStatus stores status of resize operation.
+ ResizeStatus is not set by default but when expansion
+ is complete resizeStatus is set to empty string by resize
+ controller or kubelet. This is an alpha field and requires
+ enabling RecoverVolumeExpansionFailure feature.
+ type: string
type: object
type: object
type: object
@@ -6389,7 +6558,7 @@ spec:
tells the scheduler to schedule the pod in any location, but
giving higher precedence to topologies that would help reduce
the skew. A constraint is considered "Unsatisfiable" for
- an incoming pod if and only if every possible node assigment
+ an incoming pod if and only if every possible node assignment
for that pod would violate "MaxSkew" on some topology. For
example, in a 3-zone cluster, MaxSkew is set to 1, and pods
with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -6852,9 +7021,7 @@ spec:
volumes if the CSI driver is meant to be used that way - see
the documentation of the driver for more information. \n A
pod can use both types of ephemeral volumes and persistent
- volumes at the same time. \n This is a beta feature and only
- available when the GenericEphemeralVolume feature gate is
- enabled."
+ volumes at the same time."
properties:
volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to
@@ -6971,7 +7138,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
diff --git a/manifests/setup/0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/0thanosrulerCustomResourceDefinition.yaml
index b1575931..d514f148 100644
--- a/manifests/setup/0thanosrulerCustomResourceDefinition.yaml
+++ b/manifests/setup/0thanosrulerCustomResourceDefinition.yaml
@@ -1149,8 +1149,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1211,9 +1210,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1236,18 +1236,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period.
- Other management of the container blocks until the hook
- completes or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1308,9 +1306,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1335,8 +1334,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1357,6 +1355,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1420,9 +1437,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -1520,8 +1536,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1542,6 +1557,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1605,9 +1639,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -1688,12 +1721,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
- the container runtime.
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -1713,25 +1748,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
- root on the host. Defaults to false.
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
- feature flag to be enabled.
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
- filesystem. Default is false.
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -1749,7 +1788,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -1758,7 +1798,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -1781,6 +1822,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -1806,6 +1849,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -1851,8 +1896,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1873,6 +1917,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1936,9 +1999,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2462,8 +2524,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2524,9 +2585,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2549,18 +2611,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
- crashes or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period countdown
- begins before the PreStop hooked is executed. Regardless
- of the outcome of the handler, the container will eventually
- terminate within the Pod''s termination grace period.
- Other management of the container blocks until the hook
- completes or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2621,9 +2681,10 @@ spec:
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2648,8 +2709,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2670,6 +2730,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2733,9 +2812,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2833,8 +2911,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2855,6 +2932,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2918,9 +3014,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3001,12 +3096,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN'
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
- the container runtime.
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -3026,25 +3123,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
- root on the host. Defaults to false.
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
- feature flag to be enabled.
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
- filesystem. Default is false.
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3062,7 +3163,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3071,7 +3173,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -3094,6 +3197,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3119,6 +3224,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3164,8 +3271,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should be
- specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3186,6 +3292,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is an alpha field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3249,9 +3374,8 @@ spec:
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving a
- TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a TCP
+ port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3685,7 +3809,8 @@ spec:
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
- any volume."
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -3695,13 +3820,15 @@ spec:
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
- If not specified, "Always" is used.'
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3718,7 +3845,8 @@ spec:
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3727,6 +3855,7 @@ spec:
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies to
@@ -3747,7 +3876,8 @@ spec:
type: object
seccompProfile:
description: The seccomp options to use by the containers in this
- pod.
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3769,7 +3899,8 @@ spec:
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
- unspecified, no groups will be added to any container.
+ unspecified, no groups will be added to any container. Note
+ that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -3777,7 +3908,8 @@ spec:
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
- might fail to launch.
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be set
properties:
@@ -3796,7 +3928,8 @@ spec:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3983,7 +4116,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4198,7 +4335,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4294,6 +4435,27 @@ spec:
items:
type: string
type: array
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: The storage resource within AllocatedResources
+ tracks the capacity allocated to a PVC. It may be larger
+ than the actual capacity when a volume expansion operation
+ is requested. For storage quota, the larger value from
+ allocatedResources and PVC.spec.resources is used. If
+ allocatedResources is not set, PVC.spec.resources alone
+ is used for quota calculation. If a volume expansion
+ capacity request is lowered, allocatedResources is only
+ lowered if there are no expansion operations in progress
+ and if the actual volume capacity is equal or lower
+ than the requested capacity. This is an alpha field
+ and requires enabling RecoverVolumeExpansionFailure
+ feature.
+ type: object
capacity:
additionalProperties:
anyOf:
@@ -4346,6 +4508,13 @@ spec:
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
+ resizeStatus:
+ description: ResizeStatus stores status of resize operation.
+ ResizeStatus is not set by default but when expansion
+ is complete resizeStatus is set to empty string by resize
+ controller or kubelet. This is an alpha field and requires
+ enabling RecoverVolumeExpansionFailure feature.
+ type: string
type: object
type: object
type: object
@@ -4472,7 +4641,7 @@ spec:
tells the scheduler to schedule the pod in any location, but
giving higher precedence to topologies that would help reduce
the skew. A constraint is considered "Unsatisfiable" for
- an incoming pod if and only if every possible node assigment
+ an incoming pod if and only if every possible node assignment
for that pod would violate "MaxSkew" on some topology. For
example, in a 3-zone cluster, MaxSkew is set to 1, and pods
with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -4909,9 +5078,7 @@ spec:
volumes if the CSI driver is meant to be used that way - see
the documentation of the driver for more information. \n A
pod can use both types of ephemeral volumes and persistent
- volumes at the same time. \n This is a beta feature and only
- available when the GenericEphemeralVolume feature gate is
- enabled."
+ volumes at the same time."
properties:
volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to
@@ -5028,7 +5195,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
--
GitLab