Created
November 16, 2022 11:00
-
-
Save shoma/00b388d2433aee7b621e7933454e1651 to your computer and use it in GitHub Desktop.
Google Kubernetes Engine CustomResourceDefinition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| items: | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:36Z" | |
| generation: 1 | |
| name: backendconfigs.cloud.google.com | |
| resourceVersion: "806" | |
| uid: 8cf21b33-1698-48e9-bb3b-2b6435cf4805 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: cloud.google.com | |
| names: | |
| kind: BackendConfig | |
| listKind: BackendConfigList | |
| plural: backendconfigs | |
| shortNames: | |
| - bc | |
| singular: backendconfig | |
| scope: Namespaced | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: BackendConfigSpec is the spec for a BackendConfig resource | |
| properties: | |
| cdn: | |
| description: CDNConfig contains configuration for CDN-enabled backends. | |
| properties: | |
| bypassCacheOnRequestHeaders: | |
| items: | |
| description: BypassCacheOnRequestHeader contains configuration | |
| for how requests containing specific request headers bypass | |
| the cache, even if the content was previously cached. | |
| properties: | |
| headerName: | |
| description: The header field name to match on when bypassing | |
| cache. Values are case-insensitive. | |
| type: string | |
| type: object | |
| type: array | |
| cacheMode: | |
| type: string | |
| cachePolicy: | |
| description: CacheKeyPolicy contains configuration for how requests | |
| to a CDN-enabled backend are cached. | |
| properties: | |
| includeHost: | |
| description: If true, requests to different hosts will be | |
| cached separately. | |
| type: boolean | |
| includeProtocol: | |
| description: If true, http and https requests will be cached | |
| separately. | |
| type: boolean | |
| includeQueryString: | |
| description: If true, query string parameters are included | |
| in the cache key according to QueryStringBlacklist and | |
| QueryStringWhitelist. If neither is set, the entire query | |
| string is included and if false the entire query string | |
| is excluded. | |
| type: boolean | |
| queryStringBlacklist: | |
| description: Names of query strint parameters to exclude | |
| from cache keys. All other parameters are included. Either | |
| specify QueryStringBlacklist or QueryStringWhitelist, | |
| but not both. | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| queryStringWhitelist: | |
| description: Names of query string parameters to include | |
| in cache keys. All other parameters are excluded. Either | |
| specify QueryStringBlacklist or QueryStringWhitelist, | |
| but not both. | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| type: object | |
| clientTtl: | |
| format: int64 | |
| type: integer | |
| defaultTtl: | |
| format: int64 | |
| type: integer | |
| enabled: | |
| default: false | |
| type: boolean | |
| maxTtl: | |
| format: int64 | |
| type: integer | |
| negativeCaching: | |
| type: boolean | |
| negativeCachingPolicy: | |
| items: | |
| description: NegativeCachingPolicy contains configuration | |
| for how negative caching is applied. | |
| properties: | |
| code: | |
| description: The HTTP status code to define a TTL against. | |
| Only HTTP status codes 300, 301, 308, 404, 405, 410, | |
| 421, 451 and 501 are can be specified as values, and | |
| you cannot specify a status code more than once. | |
| format: int64 | |
| type: integer | |
| ttl: | |
| description: The TTL (in seconds) for which to cache responses | |
| with the corresponding status code. The maximum allowed | |
| value is 1800s (30 minutes), noting that infrequently | |
| accessed objects may be evicted from the cache before | |
| the defined TTL. | |
| format: int64 | |
| type: integer | |
| type: object | |
| type: array | |
| requestCoalescing: | |
| type: boolean | |
| serveWhileStale: | |
| format: int64 | |
| type: integer | |
| signedUrlCacheMaxAgeSec: | |
| format: int64 | |
| type: integer | |
| signedUrlKeys: | |
| items: | |
| description: SignedUrlKey represents a customer-supplied Signing | |
| Key used by Cloud CDN Signed URLs | |
| properties: | |
| keyName: | |
| description: 'KeyName: Name of the key. The name must | |
| be 1-63 characters long, and comply with RFC1035. Specifically, | |
| the name must be 1-63 characters long and match the | |
| regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which | |
| means the first character must be a lowercase letter, | |
| and all following characters must be a dash, lowercase | |
| letter, or digit, except the last character, which cannot | |
| be a dash.' | |
| type: string | |
| keyValue: | |
| description: 'KeyValue: 128-bit key value used for signing | |
| the URL. The key value must be a valid RFC 4648 Section | |
| 5 base64url encoded string.' | |
| type: string | |
| secretName: | |
| description: The name of a k8s secret which stores the | |
| 128-bit key value used for signing the URL. The key | |
| value must be a valid RFC 4648 Section 5 base64url encoded | |
| string | |
| type: string | |
| type: object | |
| type: array | |
| required: | |
| - enabled | |
| type: object | |
| connectionDraining: | |
| description: ConnectionDrainingConfig contains configuration for | |
| connection draining. For now the draining timeout. May manage | |
| more settings in the future. | |
| properties: | |
| drainingTimeoutSec: | |
| description: Draining timeout in seconds. | |
| format: int64 | |
| type: integer | |
| type: object | |
| customRequestHeaders: | |
| description: CustomRequestHeadersConfig contains configuration for | |
| custom request headers | |
| properties: | |
| headers: | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| type: object | |
| healthCheck: | |
| description: HealthCheckConfig contains configuration for the health | |
| check. | |
| properties: | |
| checkIntervalSec: | |
| description: CheckIntervalSec is a health check parameter. See | |
| https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| format: int64 | |
| type: integer | |
| healthyThreshold: | |
| description: HealthyThreshold is a health check parameter. See | |
| https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| format: int64 | |
| type: integer | |
| port: | |
| description: Port is a health check parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| If Port is used, the controller updates portSpecification | |
| as well | |
| format: int64 | |
| type: integer | |
| requestPath: | |
| description: RequestPath is a health check parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| type: string | |
| timeoutSec: | |
| description: TimeoutSec is a health check parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| format: int64 | |
| type: integer | |
| type: | |
| description: Type is a health check parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| type: string | |
| unhealthyThreshold: | |
| description: UnhealthyThreshold is a health check parameter. | |
| See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| format: int64 | |
| type: integer | |
| type: object | |
| iap: | |
| description: IAPConfig contains configuration for IAP-enabled backends. | |
| properties: | |
| enabled: | |
| default: false | |
| type: boolean | |
| oauthclientCredentials: | |
| description: OAuthClientCredentials contains credentials for | |
| a single IAP-enabled backend. | |
| properties: | |
| clientID: | |
| description: Direct reference to OAuth client id. | |
| type: string | |
| clientSecret: | |
| description: Direct reference to OAuth client secret. | |
| type: string | |
| secretName: | |
| default: "" | |
| description: The name of a k8s secret which stores the OAuth | |
| client id & secret. | |
| type: string | |
| required: | |
| - secretName | |
| type: object | |
| required: | |
| - enabled | |
| - oauthclientCredentials | |
| type: object | |
| logging: | |
| description: LogConfig contains configuration for logging. | |
| properties: | |
| enable: | |
| description: This field denotes whether to enable logging for | |
| the load balancer traffic served by this backend service. | |
| type: boolean | |
| sampleRate: | |
| description: This field can only be specified if logging is | |
| enabled for this backend service. The value of the field must | |
| be in [0, 1]. This configures the sampling rate of requests | |
| to the load balancer where 1.0 means all logged requests are | |
| reported and 0.0 means no logged requests are reported. The | |
| default value is 1.0. | |
| format: double | |
| type: number | |
| type: object | |
| securityPolicy: | |
| description: SecurityPolicyConfig contains configuration for CloudArmor-enabled | |
| backends. If not specified, the controller will not reconcile | |
| the security policy configuration. In other words, users can make | |
| changes in GCE without the controller overwriting them. | |
| properties: | |
| name: | |
| default: "" | |
| description: Name of the security policy that should be associated. | |
| If set to empty, the existing security policy on the backend | |
| will be removed. | |
| type: string | |
| required: | |
| - name | |
| type: object | |
| sessionAffinity: | |
| description: SessionAffinityConfig contains configuration for stickyness | |
| parameters. | |
| properties: | |
| affinityCookieTtlSec: | |
| format: int64 | |
| type: integer | |
| affinityType: | |
| type: string | |
| type: object | |
| timeoutSec: | |
| format: int64 | |
| type: integer | |
| type: object | |
| status: | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| - name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: BackendConfigSpec is the spec for a BackendConfig resource | |
| properties: | |
| cdn: | |
| description: CDNConfig contains configuration for CDN-enabled backends. | |
| properties: | |
| cachePolicy: | |
| description: CacheKeyPolicy contains configuration for how requests | |
| to a CDN-enabled backend are cached. | |
| properties: | |
| includeHost: | |
| description: If true, requests to different hosts will be | |
| cached separately. | |
| type: boolean | |
| includeProtocol: | |
| description: If true, http and https requests will be cached | |
| separately. | |
| type: boolean | |
| includeQueryString: | |
| description: If true, query string parameters are included | |
| in the cache key according to QueryStringBlacklist and | |
| QueryStringWhitelist. If neither is set, the entire query | |
| string is included and if false the entire query string | |
| is excluded. | |
| type: boolean | |
| queryStringBlacklist: | |
| description: Names of query strint parameters to exclude | |
| from cache keys. All other parameters are included. Either | |
| specify QueryStringBlacklist or QueryStringWhitelist, | |
| but not both. | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| queryStringWhitelist: | |
| description: Names of query string parameters to include | |
| in cache keys. All other parameters are excluded. Either | |
| specify QueryStringBlacklist or QueryStringWhitelist, | |
| but not both. | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| type: object | |
| enabled: | |
| default: false | |
| type: boolean | |
| required: | |
| - enabled | |
| type: object | |
| connectionDraining: | |
| description: ConnectionDrainingConfig contains configuration for | |
| connection draining. For now the draining timeout. May manage | |
| more settings in the future. | |
| properties: | |
| drainingTimeoutSec: | |
| description: Draining timeout in seconds. | |
| format: int64 | |
| type: integer | |
| type: object | |
| customRequestHeaders: | |
| description: CustomRequestHeadersConfig contains configuration for | |
| custom request headers | |
| properties: | |
| headers: | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| type: object | |
| healthCheck: | |
| description: HealthCheckConfig contains configuration for the health | |
| check. | |
| properties: | |
| checkIntervalSec: | |
| description: CheckIntervalSec is a health check parameter. See | |
| https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| format: int64 | |
| type: integer | |
| healthyThreshold: | |
| description: HealthyThreshold is a health check parameter. See | |
| https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| format: int64 | |
| type: integer | |
| port: | |
| format: int64 | |
| type: integer | |
| requestPath: | |
| description: RequestPath is a health check parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| type: string | |
| timeoutSec: | |
| description: TimeoutSec is a health check parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| format: int64 | |
| type: integer | |
| type: | |
| description: Type is a health check parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| type: string | |
| unhealthyThreshold: | |
| description: UnhealthyThreshold is a health check parameter. | |
| See https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks. | |
| format: int64 | |
| type: integer | |
| type: object | |
| iap: | |
| description: IAPConfig contains configuration for IAP-enabled backends. | |
| properties: | |
| enabled: | |
| default: false | |
| type: boolean | |
| oauthclientCredentials: | |
| description: OAuthClientCredentials contains credentials for | |
| a single IAP-enabled backend. | |
| properties: | |
| clientID: | |
| description: Direct reference to OAuth client id. | |
| type: string | |
| clientSecret: | |
| description: Direct reference to OAuth client secret. | |
| type: string | |
| secretName: | |
| default: "" | |
| description: The name of a k8s secret which stores the OAuth | |
| client id & secret. | |
| type: string | |
| required: | |
| - secretName | |
| type: object | |
| required: | |
| - enabled | |
| - oauthclientCredentials | |
| type: object | |
| securityPolicy: | |
| description: SecurityPolicyConfig contains configuration for CloudArmor-enabled | |
| backends. If not specified, the controller will not reconcile | |
| the security policy configuration. In other words, users can make | |
| changes in GCE without the controller overwriting them. | |
| properties: | |
| name: | |
| default: "" | |
| description: Name of the security policy that should be associated. | |
| If set to empty, the existing security policy on the backend | |
| will be removed. | |
| type: string | |
| required: | |
| - name | |
| type: object | |
| sessionAffinity: | |
| description: SessionAffinityConfig contains configuration for stickyness | |
| parameters. | |
| properties: | |
| affinityCookieTtlSec: | |
| format: int64 | |
| type: integer | |
| affinityType: | |
| type: string | |
| type: object | |
| timeoutSec: | |
| format: int64 | |
| type: integer | |
| type: object | |
| status: | |
| type: object | |
| type: object | |
| served: true | |
| storage: false | |
| status: | |
| acceptedNames: | |
| kind: BackendConfig | |
| listKind: BackendConfigList | |
| plural: backendconfigs | |
| shortNames: | |
| - bc | |
| singular: backendconfig | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:36Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:36Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/layer: addon | |
| creationTimestamp: "2022-11-16T06:18:04Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: capacityrequests.internal.autoscaling.gke.io | |
| resourceVersion: "365" | |
| uid: b3b186c6-b7c4-4b86-9fcf-23825029b02c | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: internal.autoscaling.gke.io | |
| names: | |
| kind: CapacityRequest | |
| listKind: CapacityRequestList | |
| plural: capacityrequests | |
| shortNames: | |
| - capreq | |
| singular: capacityrequest | |
| scope: Namespaced | |
| versions: | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: CapacityRequest is a way to express additional capacity that | |
| we would like to reserve in the cluster. Cluster Autoscaler can use this | |
| information in its calculations and signal if the additional capacity | |
| is available in the cluster or proactively add capacity if needed. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' | |
| type: string | |
| spec: | |
| description: 'Specification of the CapacityRequest object. More info: | |
| https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.' | |
| properties: | |
| capacity: | |
| description: Capacity specifies additional capacity to reserve in | |
| the cluster as a specification of the pod that should be scheduled | |
| in the cluster. | |
| properties: | |
| activeDeadlineSeconds: | |
| description: Optional duration in seconds the pod may be active | |
| on the node relative to StartTime before the system will actively | |
| try to mark it failed and kill associated containers. Value | |
| must be a positive integer. | |
| format: int64 | |
| type: integer | |
| affinity: | |
| description: If specified, the pod's scheduling constraints | |
| properties: | |
| nodeAffinity: | |
| description: Describes node affinity scheduling rules for | |
| the pod. | |
| properties: | |
| preferredDuringSchedulingIgnoredDuringExecution: | |
| description: The scheduler will prefer to schedule pods | |
| to nodes that satisfy the affinity expressions specified | |
| by this field, but it may choose a node that violates | |
| one or more of the expressions. The node that is most | |
| preferred is the one with the greatest sum of weights, | |
| i.e. for each node that meets all of the scheduling | |
| requirements (resource request, requiredDuringScheduling | |
| affinity expressions, etc.), compute a sum by iterating | |
| through the elements of this field and adding "weight" | |
| to the sum if the node matches the corresponding matchExpressions; | |
| the node(s) with the highest sum are the most preferred. | |
| items: | |
| description: An empty preferred scheduling term matches | |
| all objects with implicit weight 0 (i.e. it's a | |
| no-op). A null preferred scheduling term matches | |
| no objects (i.e. is also a no-op). | |
| properties: | |
| preference: | |
| description: A node selector term, associated | |
| with the corresponding weight. | |
| properties: | |
| matchExpressions: | |
| description: A list of node selector requirements | |
| by node's labels. | |
| items: | |
| description: A node selector requirement | |
| is a selector that contains values, a | |
| key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: The label key that the | |
| selector applies to. | |
| type: string | |
| operator: | |
| description: Represents a key's relationship | |
| to a set of values. Valid operators | |
| are In, NotIn, Exists, DoesNotExist. | |
| Gt, and Lt. | |
| type: string | |
| values: | |
| description: An array of string values. | |
| If the operator is In or NotIn, the | |
| values array must be non-empty. If | |
| the operator is Exists or DoesNotExist, | |
| the values array must be empty. If | |
| the operator is Gt or Lt, the values | |
| array must have a single element, | |
| which will be interpreted as an integer. | |
| This array is replaced during a strategic | |
| merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchFields: | |
| description: A list of node selector requirements | |
| by node's fields. | |
| items: | |
| description: A node selector requirement | |
| is a selector that contains values, a | |
| key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: The label key that the | |
| selector applies to. | |
| type: string | |
| operator: | |
| description: Represents a key's relationship | |
| to a set of values. Valid operators | |
| are In, NotIn, Exists, DoesNotExist. | |
| Gt, and Lt. | |
| type: string | |
| values: | |
| description: An array of string values. | |
| If the operator is In or NotIn, the | |
| values array must be non-empty. If | |
| the operator is Exists or DoesNotExist, | |
| the values array must be empty. If | |
| the operator is Gt or Lt, the values | |
| array must have a single element, | |
| which will be interpreted as an integer. | |
| This array is replaced during a strategic | |
| merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| type: object | |
| weight: | |
| description: Weight associated with matching the | |
| corresponding nodeSelectorTerm, in the range | |
| 1-100. | |
| format: int32 | |
| type: integer | |
| required: | |
| - preference | |
| - weight | |
| type: object | |
| type: array | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| description: If the affinity requirements specified | |
| by this field are not met at scheduling time, the | |
| pod will not be scheduled onto the node. If the affinity | |
| requirements specified by this field cease to be met | |
| at some point during pod execution (e.g. due to an | |
| update), the system may or may not try to eventually | |
| evict the pod from its node. | |
| properties: | |
| nodeSelectorTerms: | |
| description: Required. A list of node selector terms. | |
| The terms are ORed. | |
| items: | |
| description: A null or empty node selector term | |
| matches no objects. The requirements of them | |
| are ANDed. The TopologySelectorTerm type implements | |
| a subset of the NodeSelectorTerm. | |
| properties: | |
| matchExpressions: | |
| description: A list of node selector requirements | |
| by node's labels. | |
| items: | |
| description: A node selector requirement | |
| is a selector that contains values, a | |
| key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: The label key that the | |
| selector applies to. | |
| type: string | |
| operator: | |
| description: Represents a key's relationship | |
| to a set of values. Valid operators | |
| are In, NotIn, Exists, DoesNotExist. | |
| Gt, and Lt. | |
| type: string | |
| values: | |
| description: An array of string values. | |
| If the operator is In or NotIn, the | |
| values array must be non-empty. If | |
| the operator is Exists or DoesNotExist, | |
| the values array must be empty. If | |
| the operator is Gt or Lt, the values | |
| array must have a single element, | |
| which will be interpreted as an integer. | |
| This array is replaced during a strategic | |
| merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchFields: | |
| description: A list of node selector requirements | |
| by node's fields. | |
| items: | |
| description: A node selector requirement | |
| is a selector that contains values, a | |
| key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: The label key that the | |
| selector applies to. | |
| type: string | |
| operator: | |
| description: Represents a key's relationship | |
| to a set of values. Valid operators | |
| are In, NotIn, Exists, DoesNotExist. | |
| Gt, and Lt. | |
| type: string | |
| values: | |
| description: An array of string values. | |
| If the operator is In or NotIn, the | |
| values array must be non-empty. If | |
| the operator is Exists or DoesNotExist, | |
| the values array must be empty. If | |
| the operator is Gt or Lt, the values | |
| array must have a single element, | |
| which will be interpreted as an integer. | |
| This array is replaced during a strategic | |
| merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| type: object | |
| type: array | |
| required: | |
| - nodeSelectorTerms | |
| type: object | |
| type: object | |
| podAffinity: | |
| description: Describes pod affinity scheduling rules (e.g. | |
| co-locate this pod in the same node, zone, etc. as some | |
| other pod(s)). | |
| properties: | |
| preferredDuringSchedulingIgnoredDuringExecution: | |
| description: The scheduler will prefer to schedule pods | |
| to nodes that satisfy the affinity expressions specified | |
| by this field, but it may choose a node that violates | |
| one or more of the expressions. The node that is most | |
| preferred is the one with the greatest sum of weights, | |
| i.e. for each node that meets all of the scheduling | |
| requirements (resource request, requiredDuringScheduling | |
| affinity expressions, etc.), compute a sum by iterating | |
| through the elements of this field and adding "weight" | |
| to the sum if the node has pods which matches the | |
| corresponding podAffinityTerm; the node(s) with the | |
| highest sum are the most preferred. | |
| items: | |
| description: The weights of all of the matched WeightedPodAffinityTerm | |
| fields are added per-node to find the most preferred | |
| node(s) | |
| properties: | |
| podAffinityTerm: | |
| description: Required. A pod affinity term, associated | |
| with the corresponding weight. | |
| properties: | |
| labelSelector: | |
| description: A label query over a set of resources, | |
| in this case pods. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list | |
| of label selector requirements. The | |
| requirements are ANDed. | |
| items: | |
| description: A label selector requirement | |
| is a selector that contains values, | |
| a key, and an operator that relates | |
| the key and values. | |
| properties: | |
| key: | |
| description: key is the label key | |
| that the selector applies to. | |
| type: string | |
| operator: | |
| description: operator represents | |
| a key's relationship to a set | |
| of values. Valid operators are | |
| In, NotIn, Exists and DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array | |
| of string values. If the operator | |
| is In or NotIn, the values array | |
| must be non-empty. If the operator | |
| is Exists or DoesNotExist, the | |
| values array must be empty. This | |
| array is replaced during a strategic | |
| merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} | |
| pairs. A single {key,value} in the matchLabels | |
| map is equivalent to an element of matchExpressions, | |
| whose key field is "key", the operator | |
| is "In", and the values array contains | |
| only "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| namespaces: | |
| description: namespaces specifies which namespaces | |
| the labelSelector applies to (matches against); | |
| null or empty list means "this pod's namespace" | |
| items: | |
| type: string | |
| type: array | |
| topologyKey: | |
| description: This pod should be co-located | |
| (affinity) or not co-located (anti-affinity) | |
| with the pods matching the labelSelector | |
| in the specified namespaces, where co-located | |
| is defined as running on a node whose value | |
| of the label with key topologyKey matches | |
| that of any node on which any of the selected | |
| pods is running. Empty topologyKey is not | |
| allowed. | |
| type: string | |
| required: | |
| - topologyKey | |
| type: object | |
| weight: | |
| description: weight associated with matching the | |
| corresponding podAffinityTerm, in the range | |
| 1-100. | |
| format: int32 | |
| type: integer | |
| required: | |
| - podAffinityTerm | |
| - weight | |
| type: object | |
| type: array | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| description: If the affinity requirements specified | |
| by this field are not met at scheduling time, the | |
| pod will not be scheduled onto the node. If the affinity | |
| requirements specified by this field cease to be met | |
| at some point during pod execution (e.g. due to a | |
| pod label update), the system may or may not try to | |
| eventually evict the pod from its node. When there | |
| are multiple elements, the lists of nodes corresponding | |
| to each podAffinityTerm are intersected, i.e. all | |
| terms must be satisfied. | |
| items: | |
| description: Defines a set of pods (namely those matching | |
| the labelSelector relative to the given namespace(s)) | |
| that this pod should be co-located (affinity) or | |
| not co-located (anti-affinity) with, where co-located | |
| is defined as running on a node whose value of the | |
| label with key <topologyKey> matches that of any | |
| node on which a pod of the set of pods is running | |
| properties: | |
| labelSelector: | |
| description: A label query over a set of resources, | |
| in this case pods. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list of | |
| label selector requirements. The requirements | |
| are ANDed. | |
| items: | |
| description: A label selector requirement | |
| is a selector that contains values, a | |
| key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: key is the label key that | |
| the selector applies to. | |
| type: string | |
| operator: | |
| description: operator represents a key's | |
| relationship to a set of values. Valid | |
| operators are In, NotIn, Exists and | |
| DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array of string | |
| values. If the operator is In or NotIn, | |
| the values array must be non-empty. | |
| If the operator is Exists or DoesNotExist, | |
| the values array must be empty. This | |
| array is replaced during a strategic | |
| merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} | |
| pairs. A single {key,value} in the matchLabels | |
| map is equivalent to an element of matchExpressions, | |
| whose key field is "key", the operator is | |
| "In", and the values array contains only | |
| "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| namespaces: | |
| description: namespaces specifies which namespaces | |
| the labelSelector applies to (matches against); | |
| null or empty list means "this pod's namespace" | |
| items: | |
| type: string | |
| type: array | |
| topologyKey: | |
| description: This pod should be co-located (affinity) | |
| or not co-located (anti-affinity) with the pods | |
| matching the labelSelector in the specified | |
| namespaces, where co-located is defined as running | |
| on a node whose value of the label with key | |
| topologyKey matches that of any node on which | |
| any of the selected pods is running. Empty topologyKey | |
| is not allowed. | |
| type: string | |
| required: | |
| - topologyKey | |
| type: object | |
| type: array | |
| type: object | |
| podAntiAffinity: | |
| description: Describes pod anti-affinity scheduling rules | |
| (e.g. avoid putting this pod in the same node, zone, etc. | |
| as some other pod(s)). | |
| properties: | |
| preferredDuringSchedulingIgnoredDuringExecution: | |
| description: The scheduler will prefer to schedule pods | |
| to nodes that satisfy the anti-affinity expressions | |
| specified by this field, but it may choose a node | |
| that violates one or more of the expressions. The | |
| node that is most preferred is the one with the greatest | |
| sum of weights, i.e. for each node that meets all | |
| of the scheduling requirements (resource request, | |
| requiredDuringScheduling anti-affinity expressions, | |
| etc.), compute a sum by iterating through the elements | |
| of this field and adding "weight" to the sum if the | |
| node has pods which matches the corresponding podAffinityTerm; | |
| the node(s) with the highest sum are the most preferred. | |
| items: | |
| description: The weights of all of the matched WeightedPodAffinityTerm | |
| fields are added per-node to find the most preferred | |
| node(s) | |
| properties: | |
| podAffinityTerm: | |
| description: Required. A pod affinity term, associated | |
| with the corresponding weight. | |
| properties: | |
| labelSelector: | |
| description: A label query over a set of resources, | |
| in this case pods. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list | |
| of label selector requirements. The | |
| requirements are ANDed. | |
| items: | |
| description: A label selector requirement | |
| is a selector that contains values, | |
| a key, and an operator that relates | |
| the key and values. | |
| properties: | |
| key: | |
| description: key is the label key | |
| that the selector applies to. | |
| type: string | |
| operator: | |
| description: operator represents | |
| a key's relationship to a set | |
| of values. Valid operators are | |
| In, NotIn, Exists and DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array | |
| of string values. If the operator | |
| is In or NotIn, the values array | |
| must be non-empty. If the operator | |
| is Exists or DoesNotExist, the | |
| values array must be empty. This | |
| array is replaced during a strategic | |
| merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} | |
| pairs. A single {key,value} in the matchLabels | |
| map is equivalent to an element of matchExpressions, | |
| whose key field is "key", the operator | |
| is "In", and the values array contains | |
| only "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| namespaces: | |
| description: namespaces specifies which namespaces | |
| the labelSelector applies to (matches against); | |
| null or empty list means "this pod's namespace" | |
| items: | |
| type: string | |
| type: array | |
| topologyKey: | |
| description: This pod should be co-located | |
| (affinity) or not co-located (anti-affinity) | |
| with the pods matching the labelSelector | |
| in the specified namespaces, where co-located | |
| is defined as running on a node whose value | |
| of the label with key topologyKey matches | |
| that of any node on which any of the selected | |
| pods is running. Empty topologyKey is not | |
| allowed. | |
| type: string | |
| required: | |
| - topologyKey | |
| type: object | |
| weight: | |
| description: weight associated with matching the | |
| corresponding podAffinityTerm, in the range | |
| 1-100. | |
| format: int32 | |
| type: integer | |
| required: | |
| - podAffinityTerm | |
| - weight | |
| type: object | |
| type: array | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| description: If the anti-affinity requirements specified | |
| by this field are not met at scheduling time, the | |
| pod will not be scheduled onto the node. If the anti-affinity | |
| requirements specified by this field cease to be met | |
| at some point during pod execution (e.g. due to a | |
| pod label update), the system may or may not try to | |
| eventually evict the pod from its node. When there | |
| are multiple elements, the lists of nodes corresponding | |
| to each podAffinityTerm are intersected, i.e. all | |
| terms must be satisfied. | |
| items: | |
| description: Defines a set of pods (namely those matching | |
| the labelSelector relative to the given namespace(s)) | |
| that this pod should be co-located (affinity) or | |
| not co-located (anti-affinity) with, where co-located | |
| is defined as running on a node whose value of the | |
| label with key <topologyKey> matches that of any | |
| node on which a pod of the set of pods is running | |
| properties: | |
| labelSelector: | |
| description: A label query over a set of resources, | |
| in this case pods. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list of | |
| label selector requirements. The requirements | |
| are ANDed. | |
| items: | |
| description: A label selector requirement | |
| is a selector that contains values, a | |
| key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: key is the label key that | |
| the selector applies to. | |
| type: string | |
| operator: | |
| description: operator represents a key's | |
| relationship to a set of values. Valid | |
| operators are In, NotIn, Exists and | |
| DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array of string | |
| values. If the operator is In or NotIn, | |
| the values array must be non-empty. | |
| If the operator is Exists or DoesNotExist, | |
| the values array must be empty. This | |
| array is replaced during a strategic | |
| merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} | |
| pairs. A single {key,value} in the matchLabels | |
| map is equivalent to an element of matchExpressions, | |
| whose key field is "key", the operator is | |
| "In", and the values array contains only | |
| "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| namespaces: | |
| description: namespaces specifies which namespaces | |
| the labelSelector applies to (matches against); | |
| null or empty list means "this pod's namespace" | |
| items: | |
| type: string | |
| type: array | |
| topologyKey: | |
| description: This pod should be co-located (affinity) | |
| or not co-located (anti-affinity) with the pods | |
| matching the labelSelector in the specified | |
| namespaces, where co-located is defined as running | |
| on a node whose value of the label with key | |
| topologyKey matches that of any node on which | |
| any of the selected pods is running. Empty topologyKey | |
| is not allowed. | |
| type: string | |
| required: | |
| - topologyKey | |
| type: object | |
| type: array | |
| type: object | |
| type: object | |
| automountServiceAccountToken: | |
| description: AutomountServiceAccountToken indicates whether | |
| a service account token should be automatically mounted. | |
| type: boolean | |
| containers: | |
| description: List of containers belonging to the pod. Containers | |
| cannot currently be added or removed. There must be at least | |
| one container in a Pod. Cannot be updated. | |
| items: | |
| description: A single application container that you want | |
| to run within a pod. | |
| properties: | |
| args: | |
| description: 'Arguments to the entrypoint. The docker | |
| image''s CMD is used if this is not provided. Variable | |
| references $(VAR_NAME) are expanded using the container''s | |
| environment. If a variable cannot be resolved, the reference | |
| in the input string will be unchanged. The $(VAR_NAME) | |
| syntax can be escaped with a double $$, ie: $$(VAR_NAME). | |
| Escaped references will never be expanded, regardless | |
| of whether the variable exists or not. Cannot be updated. | |
| More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
| items: | |
| type: string | |
| type: array | |
| command: | |
| description: 'Entrypoint array. Not executed within a | |
| shell. The docker image''s ENTRYPOINT is used if this | |
| is not provided. Variable references $(VAR_NAME) are | |
| expanded using the container''s environment. If a variable | |
| cannot be resolved, the reference in the input string | |
| will be unchanged. The $(VAR_NAME) syntax can be escaped | |
| with a double $$, ie: $$(VAR_NAME). Escaped references | |
| will never be expanded, regardless of whether the variable | |
| exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
| items: | |
| type: string | |
| type: array | |
| env: | |
| description: List of environment variables to set in the | |
| container. Cannot be updated. | |
| items: | |
| description: EnvVar represents an environment variable | |
| present in a Container. | |
| properties: | |
| name: | |
| description: Name of the environment variable. Must | |
| be a C_IDENTIFIER. | |
| type: string | |
| value: | |
| description: 'Variable references $(VAR_NAME) are | |
| expanded using the previous defined environment | |
| variables in the container and any service environment | |
| variables. If a variable cannot be resolved, the | |
| reference in the input string will be unchanged. | |
| The $(VAR_NAME) syntax can be escaped with a double | |
| $$, ie: $$(VAR_NAME). Escaped references will | |
| never be expanded, regardless of whether the variable | |
| exists or not. Defaults to "".' | |
| type: string | |
| valueFrom: | |
| description: Source for the environment variable's | |
| value. Cannot be used if value is not empty. | |
| properties: | |
| configMapKeyRef: | |
| description: Selects a key of a ConfigMap. | |
| properties: | |
| key: | |
| description: The key to select. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More | |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap | |
| or it's key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| fieldRef: | |
| description: 'Selects a field of the pod: supports | |
| metadata.name, metadata.namespace, metadata.labels, | |
| metadata.annotations, spec.nodeName, spec.serviceAccountName, | |
| status.hostIP, status.podIP.' | |
| properties: | |
| apiVersion: | |
| description: Version of the schema the FieldPath | |
| is written in terms of, defaults to "v1". | |
| type: string | |
| fieldPath: | |
| description: Path of the field to select | |
| in the specified API version. | |
| type: string | |
| required: | |
| - fieldPath | |
| type: object | |
| resourceFieldRef: | |
| description: 'Selects a resource of the container: | |
| only resources limits and requests (limits.cpu, | |
| limits.memory, limits.ephemeral-storage, requests.cpu, | |
| requests.memory and requests.ephemeral-storage) | |
| are currently supported.' | |
| properties: | |
| containerName: | |
| description: 'Container name: required for | |
| volumes, optional for env vars' | |
| type: string | |
| divisor: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Specifies the output format | |
| of the exposed resources, defaults to | |
| "1" | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| resource: | |
| description: 'Required: resource to select' | |
| type: string | |
| required: | |
| - resource | |
| type: object | |
| secretKeyRef: | |
| description: Selects a key of a secret in the | |
| pod's namespace | |
| properties: | |
| key: | |
| description: The key of the secret to select | |
| from. Must be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More | |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret | |
| or it's key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| envFrom: | |
| description: List of sources to populate environment variables | |
| in the container. The keys defined within a source must | |
| be a C_IDENTIFIER. All invalid keys will be reported | |
| as an event when the container is starting. When a key | |
| exists in multiple sources, the value associated with | |
| the last source will take precedence. Values defined | |
| by an Env with a duplicate key will take precedence. | |
| Cannot be updated. | |
| items: | |
| description: EnvFromSource represents the source of | |
| a set of ConfigMaps | |
| properties: | |
| configMapRef: | |
| description: The ConfigMap to select from | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap must | |
| be defined | |
| type: boolean | |
| type: object | |
| prefix: | |
| description: An optional identifier to prepend to | |
| each key in the ConfigMap. Must be a C_IDENTIFIER. | |
| type: string | |
| secretRef: | |
| description: The Secret to select from | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret must | |
| be defined | |
| type: boolean | |
| type: object | |
| type: object | |
| type: array | |
| image: | |
| description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images | |
| This field is optional to allow higher level config | |
| management to default or override container images in | |
| workload controllers like Deployments and StatefulSets.' | |
| type: string | |
| imagePullPolicy: | |
| description: 'Image pull policy. One of Always, Never, | |
| IfNotPresent. Defaults to Always if :latest tag is specified, | |
| or IfNotPresent otherwise. Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/containers/images#updating-images' | |
| type: string | |
| lifecycle: | |
| description: Actions that the management system should | |
| take in response to container lifecycle events. Cannot | |
| be updated. | |
| properties: | |
| postStart: | |
| description: 'PostStart is called immediately after | |
| a container is created. If the handler fails, the | |
| container is terminated and restarted according | |
| to its restart policy. Other management of the container | |
| blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
| properties: | |
| exec: | |
| description: One and only one of the following | |
| should be specified. Exec specifies the action | |
| to take. | |
| properties: | |
| command: | |
| description: Command is the command line to | |
| execute inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The command | |
| is simply exec'd, it is not run inside a | |
| shell, so traditional shell instructions | |
| ('|', etc) won't work. To use a shell, you | |
| need to explicitly call out to that shell. | |
| Exit status of 0 is treated as live/healthy | |
| and non-zero is unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| httpGet: | |
| description: HTTPGet specifies the http request | |
| to perform. | |
| properties: | |
| host: | |
| description: Host name to connect to, defaults | |
| to the pod IP. You probably want to set | |
| "Host" in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: Custom headers to set in the | |
| request. HTTP allows repeated headers. | |
| items: | |
| description: HTTPHeader describes a custom | |
| header to be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to | |
| access on the container. Number must be | |
| in the range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use for connecting | |
| to the host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| tcpSocket: | |
| description: 'TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported TODO: | |
| implement a realistic TCP lifecycle hook' | |
| properties: | |
| host: | |
| description: 'Optional: Host name to connect | |
| to, defaults to the pod IP.' | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Number or name of the port to | |
| access on the container. Number must be | |
| in the range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| required: | |
| - port | |
| type: object | |
| type: object | |
| preStop: | |
| description: 'PreStop is called immediately before | |
| a container is terminated. The container is terminated | |
| after the handler completes. The reason for termination | |
| is passed to the handler. Regardless of the outcome | |
| of the handler, the container is eventually terminated. | |
| Other management of the container blocks until the | |
| hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
| properties: | |
| exec: | |
| description: One and only one of the following | |
| should be specified. Exec specifies the action | |
| to take. | |
| properties: | |
| command: | |
| description: Command is the command line to | |
| execute inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The command | |
| is simply exec'd, it is not run inside a | |
| shell, so traditional shell instructions | |
| ('|', etc) won't work. To use a shell, you | |
| need to explicitly call out to that shell. | |
| Exit status of 0 is treated as live/healthy | |
| and non-zero is unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| httpGet: | |
| description: HTTPGet specifies the http request | |
| to perform. | |
| properties: | |
| host: | |
| description: Host name to connect to, defaults | |
| to the pod IP. You probably want to set | |
| "Host" in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: Custom headers to set in the | |
| request. HTTP allows repeated headers. | |
| items: | |
| description: HTTPHeader describes a custom | |
| header to be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to | |
| access on the container. Number must be | |
| in the range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use for connecting | |
| to the host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| tcpSocket: | |
| description: 'TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported TODO: | |
| implement a realistic TCP lifecycle hook' | |
| properties: | |
| host: | |
| description: 'Optional: Host name to connect | |
| to, defaults to the pod IP.' | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Number or name of the port to | |
| access on the container. Number must be | |
| in the range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| required: | |
| - port | |
| type: object | |
| type: object | |
| type: object | |
| livenessProbe: | |
| description: 'Periodic probe of container liveness. Container | |
| will be restarted if the probe fails. Cannot be updated. | |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| properties: | |
| exec: | |
| description: One and only one of the following should | |
| be specified. Exec specifies the action to take. | |
| properties: | |
| command: | |
| description: Command is the command line to execute | |
| inside the container, the working directory | |
| for the command is root ('/') in the container's | |
| filesystem. The command is simply exec'd, it | |
| is not run inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To use a | |
| shell, you need to explicitly call out to that | |
| shell. Exit status of 0 is treated as live/healthy | |
| and non-zero is unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| failureThreshold: | |
| description: Minimum consecutive failures for the | |
| probe to be considered failed after having succeeded. | |
| Defaults to 3. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| httpGet: | |
| description: HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: Host name to connect to, defaults | |
| to the pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: HTTPHeader describes a custom header | |
| to be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to access | |
| on the container. Number must be in the range | |
| 1 to 65535. Name must be an IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| initialDelaySeconds: | |
| description: 'Number of seconds after the container | |
| has started before liveness probes are initiated. | |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| format: int32 | |
| type: integer | |
| periodSeconds: | |
| description: How often (in seconds) to perform the | |
| probe. Default to 10 seconds. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| successThreshold: | |
| description: Minimum consecutive successes for the | |
| probe to be considered successful after having failed. | |
| Defaults to 1. Must be 1 for liveness. Minimum value | |
| is 1. | |
| format: int32 | |
| type: integer | |
| tcpSocket: | |
| description: 'TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported TODO: implement | |
| a realistic TCP lifecycle hook' | |
| properties: | |
| host: | |
| description: 'Optional: Host name to connect to, | |
| defaults to the pod IP.' | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Number or name of the port to access | |
| on the container. Number must be in the range | |
| 1 to 65535. Name must be an IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| required: | |
| - port | |
| type: object | |
| timeoutSeconds: | |
| description: 'Number of seconds after which the probe | |
| times out. Defaults to 1 second. Minimum value is | |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| format: int32 | |
| type: integer | |
| type: object | |
| name: | |
| description: Name of the container specified as a DNS_LABEL. | |
| Each container in a pod must have a unique name (DNS_LABEL). | |
| Cannot be updated. | |
| type: string | |
| ports: | |
| description: List of ports to expose from the container. | |
| Exposing a port here gives the system additional information | |
| about the network connections a container uses, but | |
| is primarily informational. Not specifying a port here | |
| DOES NOT prevent that port from being exposed. Any port | |
| which is listening on the default "0.0.0.0" address | |
| inside a container will be accessible from the network. | |
| Cannot be updated. | |
| items: | |
| description: ContainerPort represents a network port | |
| in a single container. | |
| properties: | |
| containerPort: | |
| description: Number of port to expose on the pod's | |
| IP address. This must be a valid port number, | |
| 0 < x < 65536. | |
| format: int32 | |
| type: integer | |
| hostIP: | |
| description: What host IP to bind the external port | |
| to. | |
| type: string | |
| hostPort: | |
| description: Number of port to expose on the host. | |
| If specified, this must be a valid port number, | |
| 0 < x < 65536. If HostNetwork is specified, this | |
| must match ContainerPort. Most containers do not | |
| need this. | |
| format: int32 | |
| type: integer | |
| name: | |
| description: If specified, this must be an IANA_SVC_NAME | |
| and unique within the pod. Each named port in | |
| a pod must have a unique name. Name for the port | |
| that can be referred to by services. | |
| type: string | |
| protocol: | |
| default: TCP | |
| description: Protocol for port. Must be UDP, TCP, | |
| or SCTP. Defaults to "TCP". | |
| type: string | |
| required: | |
| - containerPort | |
| type: object | |
| type: array | |
| x-kubernetes-list-map-keys: | |
| - containerPort | |
| - protocol | |
| x-kubernetes-list-type: map | |
| readinessProbe: | |
| description: 'Periodic probe of container service readiness. | |
| Container will be removed from service endpoints if | |
| the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| properties: | |
| exec: | |
| description: One and only one of the following should | |
| be specified. Exec specifies the action to take. | |
| properties: | |
| command: | |
| description: Command is the command line to execute | |
| inside the container, the working directory | |
| for the command is root ('/') in the container's | |
| filesystem. The command is simply exec'd, it | |
| is not run inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To use a | |
| shell, you need to explicitly call out to that | |
| shell. Exit status of 0 is treated as live/healthy | |
| and non-zero is unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| failureThreshold: | |
| description: Minimum consecutive failures for the | |
| probe to be considered failed after having succeeded. | |
| Defaults to 3. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| httpGet: | |
| description: HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: Host name to connect to, defaults | |
| to the pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: HTTPHeader describes a custom header | |
| to be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to access | |
| on the container. Number must be in the range | |
| 1 to 65535. Name must be an IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| initialDelaySeconds: | |
| description: 'Number of seconds after the container | |
| has started before liveness probes are initiated. | |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| format: int32 | |
| type: integer | |
| periodSeconds: | |
| description: How often (in seconds) to perform the | |
| probe. Default to 10 seconds. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| successThreshold: | |
| description: Minimum consecutive successes for the | |
| probe to be considered successful after having failed. | |
| Defaults to 1. Must be 1 for liveness. Minimum value | |
| is 1. | |
| format: int32 | |
| type: integer | |
| tcpSocket: | |
| description: 'TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported TODO: implement | |
| a realistic TCP lifecycle hook' | |
| properties: | |
| host: | |
| description: 'Optional: Host name to connect to, | |
| defaults to the pod IP.' | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Number or name of the port to access | |
| on the container. Number must be in the range | |
| 1 to 65535. Name must be an IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| required: | |
| - port | |
| type: object | |
| timeoutSeconds: | |
| description: 'Number of seconds after which the probe | |
| times out. Defaults to 1 second. Minimum value is | |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| format: int32 | |
| type: integer | |
| type: object | |
| resources: | |
| description: 'Compute Resources required by this container. | |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
| properties: | |
| limits: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: 'Limits describes the maximum amount | |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
| type: object | |
| requests: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: 'Requests describes the minimum amount | |
| of compute resources required. If Requests is omitted | |
| for a container, it defaults to Limits if that is | |
| explicitly specified, otherwise to an implementation-defined | |
| value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
| type: object | |
| type: object | |
| securityContext: | |
| description: 'Security options the pod should run with. | |
| More info: https://kubernetes.io/docs/concepts/policy/security-context/ | |
| More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' | |
| properties: | |
| allowPrivilegeEscalation: | |
| description: 'AllowPrivilegeEscalation controls whether | |
| a process can gain more privileges than its parent | |
| process. This bool directly controls if the no_new_privs | |
| flag will be set on the container process. AllowPrivilegeEscalation | |
| is true always when the container is: 1) run as | |
| Privileged 2) has CAP_SYS_ADMIN' | |
| type: boolean | |
| capabilities: | |
| description: The capabilities to add/drop when running | |
| containers. Defaults to the default set of capabilities | |
| granted by the container runtime. | |
| properties: | |
| add: | |
| description: Added capabilities | |
| items: | |
| description: Capability represent POSIX capabilities | |
| type | |
| type: string | |
| type: array | |
| drop: | |
| description: Removed capabilities | |
| items: | |
| description: Capability represent POSIX capabilities | |
| type | |
| type: string | |
| type: array | |
| type: object | |
| privileged: | |
| description: Run container in privileged mode. Processes | |
| in privileged containers are essentially equivalent | |
| to root on the host. Defaults to false. | |
| type: boolean | |
| procMount: | |
| description: procMount denotes the type of proc mount | |
| to use for the containers. The default is DefaultProcMount | |
| which uses the container runtime defaults for readonly | |
| paths and masked paths. This requires the ProcMountType | |
| feature flag to be enabled. | |
| type: string | |
| readOnlyRootFilesystem: | |
| description: Whether this container has a read-only | |
| root filesystem. Default is false. | |
| type: boolean | |
| runAsGroup: | |
| description: The GID to run the entrypoint of the | |
| container process. Uses runtime default if unset. | |
| May also be set in PodSecurityContext. If set in | |
| both SecurityContext and PodSecurityContext, the | |
| value specified in SecurityContext takes precedence. | |
| format: int64 | |
| type: integer | |
| runAsNonRoot: | |
| description: Indicates that the container must run | |
| as a non-root user. If true, the Kubelet will validate | |
| the image at runtime to ensure that it does not | |
| run as UID 0 (root) and fail to start the container | |
| if it does. If unset or false, no such validation | |
| will be performed. May also be set in PodSecurityContext. If | |
| set in both SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext takes precedence. | |
| type: boolean | |
| runAsUser: | |
| description: The UID to run the entrypoint of the | |
| container process. Defaults to user specified in | |
| image metadata if unspecified. May also be set in | |
| PodSecurityContext. If set in both SecurityContext | |
| and PodSecurityContext, the value specified in SecurityContext | |
| takes precedence. | |
| format: int64 | |
| type: integer | |
| seLinuxOptions: | |
| description: The SELinux context to be applied to | |
| the container. If unspecified, the container runtime | |
| will allocate a random SELinux context for each | |
| container. May also be set in PodSecurityContext. If | |
| set in both SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext takes precedence. | |
| properties: | |
| level: | |
| description: Level is SELinux level label that | |
| applies to the container. | |
| type: string | |
| role: | |
| description: Role is a SELinux role label that | |
| applies to the container. | |
| type: string | |
| type: | |
| description: Type is a SELinux type label that | |
| applies to the container. | |
| type: string | |
| user: | |
| description: User is a SELinux user label that | |
| applies to the container. | |
| type: string | |
| type: object | |
| type: object | |
| stdin: | |
| description: Whether this container should allocate a | |
| buffer for stdin in the container runtime. If this is | |
| not set, reads from stdin in the container will always | |
| result in EOF. Default is false. | |
| type: boolean | |
| stdinOnce: | |
| description: Whether the container runtime should close | |
| the stdin channel after it has been opened by a single | |
| attach. When stdin is true the stdin stream will remain | |
| open across multiple attach sessions. If stdinOnce is | |
| set to true, stdin is opened on container start, is | |
| empty until the first client attaches to stdin, and | |
| then remains open and accepts data until the client | |
| disconnects, at which time stdin is closed and remains | |
| closed until the container is restarted. If this flag | |
| is false, a container processes that reads from stdin | |
| will never receive an EOF. Default is false | |
| type: boolean | |
| terminationMessagePath: | |
| description: 'Optional: Path at which the file to which | |
| the container''s termination message will be written | |
| is mounted into the container''s filesystem. Message | |
| written is intended to be brief final status, such as | |
| an assertion failure message. Will be truncated by the | |
| node if greater than 4096 bytes. The total message length | |
| across all containers will be limited to 12kb. Defaults | |
| to /dev/termination-log. Cannot be updated.' | |
| type: string | |
| terminationMessagePolicy: | |
| description: Indicate how the termination message should | |
| be populated. File will use the contents of terminationMessagePath | |
| to populate the container status message on both success | |
| and failure. FallbackToLogsOnError will use the last | |
| chunk of container log output if the termination message | |
| file is empty and the container exited with an error. | |
| The log output is limited to 2048 bytes or 80 lines, | |
| whichever is smaller. Defaults to File. Cannot be updated. | |
| type: string | |
| tty: | |
| description: Whether this container should allocate a | |
| TTY for itself, also requires 'stdin' to be true. Default | |
| is false. | |
| type: boolean | |
| volumeDevices: | |
| description: volumeDevices is the list of block devices | |
| to be used by the container. This is an alpha feature | |
| and may change in the future. | |
| items: | |
| description: volumeDevice describes a mapping of a raw | |
| block device within a container. | |
| properties: | |
| devicePath: | |
| description: devicePath is the path inside of the | |
| container that the device will be mapped to. | |
| type: string | |
| name: | |
| description: name must match the name of a persistentVolumeClaim | |
| in the pod | |
| type: string | |
| required: | |
| - devicePath | |
| - name | |
| type: object | |
| type: array | |
| volumeMounts: | |
| description: Pod volumes to mount into the container's | |
| filesystem. Cannot be updated. | |
| items: | |
| description: VolumeMount describes a mounting of a Volume | |
| within a container. | |
| properties: | |
| mountPath: | |
| description: Path within the container at which | |
| the volume should be mounted. Must not contain | |
| ':'. | |
| type: string | |
| mountPropagation: | |
| description: mountPropagation determines how mounts | |
| are propagated from the host to container and | |
| the other way around. When not set, MountPropagationNone | |
| is used. This field is beta in 1.10. | |
| type: string | |
| name: | |
| description: This must match the Name of a Volume. | |
| type: string | |
| readOnly: | |
| description: Mounted read-only if true, read-write | |
| otherwise (false or unspecified). Defaults to | |
| false. | |
| type: boolean | |
| subPath: | |
| description: Path within the volume from which the | |
| container's volume should be mounted. Defaults | |
| to "" (volume's root). | |
| type: string | |
| required: | |
| - mountPath | |
| - name | |
| type: object | |
| type: array | |
| workingDir: | |
| description: Container's working directory. If not specified, | |
| the container runtime's default will be used, which | |
| might be configured in the container image. Cannot be | |
| updated. | |
| type: string | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| dnsConfig: | |
| description: Specifies the DNS parameters of a pod. Parameters | |
| specified here will be merged to the generated DNS configuration | |
| based on DNSPolicy. | |
| properties: | |
| nameservers: | |
| description: A list of DNS name server IP addresses. This | |
| will be appended to the base nameservers generated from | |
| DNSPolicy. Duplicated nameservers will be removed. | |
| items: | |
| type: string | |
| type: array | |
| options: | |
| description: A list of DNS resolver options. This will be | |
| merged with the base options generated from DNSPolicy. | |
| Duplicated entries will be removed. Resolution options | |
| given in Options will override those that appear in the | |
| base DNSPolicy. | |
| items: | |
| description: PodDNSConfigOption defines DNS resolver options | |
| of a pod. | |
| properties: | |
| name: | |
| description: Required. | |
| type: string | |
| value: | |
| type: string | |
| type: object | |
| type: array | |
| searches: | |
| description: A list of DNS search domains for host-name | |
| lookup. This will be appended to the base search paths | |
| generated from DNSPolicy. Duplicated search paths will | |
| be removed. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| dnsPolicy: | |
| description: Set DNS policy for the pod. Defaults to "ClusterFirst". | |
| Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', | |
| 'Default' or 'None'. DNS parameters given in DNSConfig will | |
| be merged with the policy selected with DNSPolicy. To have | |
| DNS options set along with hostNetwork, you have to specify | |
| DNS policy explicitly to 'ClusterFirstWithHostNet'. | |
| type: string | |
| enableServiceLinks: | |
| description: EnableServiceLinks indicates whether information | |
| about services should be injected into pod's environment variables, | |
| matching the syntax of Docker links. | |
| type: boolean | |
| hostAliases: | |
| description: HostAliases is an optional list of hosts and IPs | |
| that will be injected into the pod's hosts file if specified. | |
| This is only valid for non-hostNetwork pods. | |
| items: | |
| description: HostAlias holds the mapping between IP and hostnames | |
| that will be injected as an entry in the pod's hosts file. | |
| properties: | |
| hostnames: | |
| description: Hostnames for the above IP address. | |
| items: | |
| type: string | |
| type: array | |
| ip: | |
| description: IP address of the host file entry. | |
| type: string | |
| type: object | |
| type: array | |
| hostIPC: | |
| description: 'Use the host''s ipc namespace. Optional: Default | |
| to false.' | |
| type: boolean | |
| hostNetwork: | |
| description: Host networking requested for this pod. Use the | |
| host's network namespace. If this option is set, the ports | |
| that will be used must be specified. Default to false. | |
| type: boolean | |
| hostPID: | |
| description: 'Use the host''s pid namespace. Optional: Default | |
| to false.' | |
| type: boolean | |
| hostname: | |
| description: Specifies the hostname of the Pod If not specified, | |
| the pod's hostname will be set to a system-defined value. | |
| type: string | |
| imagePullSecrets: | |
| description: 'ImagePullSecrets is an optional list of references | |
| to secrets in the same namespace to use for pulling any of | |
| the images used by this PodSpec. If specified, these secrets | |
| will be passed to individual puller implementations for them | |
| to use. For example, in the case of docker, only DockerConfig | |
| type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' | |
| items: | |
| description: LocalObjectReference contains enough information | |
| to let you locate the referenced object inside the same | |
| namespace. | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, uid?' | |
| type: string | |
| type: object | |
| type: array | |
| initContainers: | |
| description: 'List of initialization containers belonging to | |
| the pod. Init containers are executed in order prior to containers | |
| being started. If any init container fails, the pod is considered | |
| to have failed and is handled according to its restartPolicy. | |
| The name for an init container or normal container must be | |
| unique among all containers. Init containers may not have | |
| Lifecycle actions, Readiness probes, or Liveness probes. The | |
| resourceRequirements of an init container are taken into account | |
| during scheduling by finding the highest request/limit for | |
| each resource type, and then using the max of of that value | |
| or the sum of the normal containers. Limits are applied to | |
| init containers in a similar fashion. Init containers cannot | |
| currently be added or removed. Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' | |
| items: | |
| description: A single application container that you want | |
| to run within a pod. | |
| properties: | |
| args: | |
| description: 'Arguments to the entrypoint. The docker | |
| image''s CMD is used if this is not provided. Variable | |
| references $(VAR_NAME) are expanded using the container''s | |
| environment. If a variable cannot be resolved, the reference | |
| in the input string will be unchanged. The $(VAR_NAME) | |
| syntax can be escaped with a double $$, ie: $$(VAR_NAME). | |
| Escaped references will never be expanded, regardless | |
| of whether the variable exists or not. Cannot be updated. | |
| More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
| items: | |
| type: string | |
| type: array | |
| command: | |
| description: 'Entrypoint array. Not executed within a | |
| shell. The docker image''s ENTRYPOINT is used if this | |
| is not provided. Variable references $(VAR_NAME) are | |
| expanded using the container''s environment. If a variable | |
| cannot be resolved, the reference in the input string | |
| will be unchanged. The $(VAR_NAME) syntax can be escaped | |
| with a double $$, ie: $$(VAR_NAME). Escaped references | |
| will never be expanded, regardless of whether the variable | |
| exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
| items: | |
| type: string | |
| type: array | |
| env: | |
| description: List of environment variables to set in the | |
| container. Cannot be updated. | |
| items: | |
| description: EnvVar represents an environment variable | |
| present in a Container. | |
| properties: | |
| name: | |
| description: Name of the environment variable. Must | |
| be a C_IDENTIFIER. | |
| type: string | |
| value: | |
| description: 'Variable references $(VAR_NAME) are | |
| expanded using the previous defined environment | |
| variables in the container and any service environment | |
| variables. If a variable cannot be resolved, the | |
| reference in the input string will be unchanged. | |
| The $(VAR_NAME) syntax can be escaped with a double | |
| $$, ie: $$(VAR_NAME). Escaped references will | |
| never be expanded, regardless of whether the variable | |
| exists or not. Defaults to "".' | |
| type: string | |
| valueFrom: | |
| description: Source for the environment variable's | |
| value. Cannot be used if value is not empty. | |
| properties: | |
| configMapKeyRef: | |
| description: Selects a key of a ConfigMap. | |
| properties: | |
| key: | |
| description: The key to select. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More | |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap | |
| or it's key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| fieldRef: | |
| description: 'Selects a field of the pod: supports | |
| metadata.name, metadata.namespace, metadata.labels, | |
| metadata.annotations, spec.nodeName, spec.serviceAccountName, | |
| status.hostIP, status.podIP.' | |
| properties: | |
| apiVersion: | |
| description: Version of the schema the FieldPath | |
| is written in terms of, defaults to "v1". | |
| type: string | |
| fieldPath: | |
| description: Path of the field to select | |
| in the specified API version. | |
| type: string | |
| required: | |
| - fieldPath | |
| type: object | |
| resourceFieldRef: | |
| description: 'Selects a resource of the container: | |
| only resources limits and requests (limits.cpu, | |
| limits.memory, limits.ephemeral-storage, requests.cpu, | |
| requests.memory and requests.ephemeral-storage) | |
| are currently supported.' | |
| properties: | |
| containerName: | |
| description: 'Container name: required for | |
| volumes, optional for env vars' | |
| type: string | |
| divisor: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Specifies the output format | |
| of the exposed resources, defaults to | |
| "1" | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| resource: | |
| description: 'Required: resource to select' | |
| type: string | |
| required: | |
| - resource | |
| type: object | |
| secretKeyRef: | |
| description: Selects a key of a secret in the | |
| pod's namespace | |
| properties: | |
| key: | |
| description: The key of the secret to select | |
| from. Must be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More | |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret | |
| or it's key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| envFrom: | |
| description: List of sources to populate environment variables | |
| in the container. The keys defined within a source must | |
| be a C_IDENTIFIER. All invalid keys will be reported | |
| as an event when the container is starting. When a key | |
| exists in multiple sources, the value associated with | |
| the last source will take precedence. Values defined | |
| by an Env with a duplicate key will take precedence. | |
| Cannot be updated. | |
| items: | |
| description: EnvFromSource represents the source of | |
| a set of ConfigMaps | |
| properties: | |
| configMapRef: | |
| description: The ConfigMap to select from | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap must | |
| be defined | |
| type: boolean | |
| type: object | |
| prefix: | |
| description: An optional identifier to prepend to | |
| each key in the ConfigMap. Must be a C_IDENTIFIER. | |
| type: string | |
| secretRef: | |
| description: The Secret to select from | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret must | |
| be defined | |
| type: boolean | |
| type: object | |
| type: object | |
| type: array | |
| image: | |
| description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images | |
| This field is optional to allow higher level config | |
| management to default or override container images in | |
| workload controllers like Deployments and StatefulSets.' | |
| type: string | |
| imagePullPolicy: | |
| description: 'Image pull policy. One of Always, Never, | |
| IfNotPresent. Defaults to Always if :latest tag is specified, | |
| or IfNotPresent otherwise. Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/containers/images#updating-images' | |
| type: string | |
| lifecycle: | |
| description: Actions that the management system should | |
| take in response to container lifecycle events. Cannot | |
| be updated. | |
| properties: | |
| postStart: | |
| description: 'PostStart is called immediately after | |
| a container is created. If the handler fails, the | |
| container is terminated and restarted according | |
| to its restart policy. Other management of the container | |
| blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
| properties: | |
| exec: | |
| description: One and only one of the following | |
| should be specified. Exec specifies the action | |
| to take. | |
| properties: | |
| command: | |
| description: Command is the command line to | |
| execute inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The command | |
| is simply exec'd, it is not run inside a | |
| shell, so traditional shell instructions | |
| ('|', etc) won't work. To use a shell, you | |
| need to explicitly call out to that shell. | |
| Exit status of 0 is treated as live/healthy | |
| and non-zero is unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| httpGet: | |
| description: HTTPGet specifies the http request | |
| to perform. | |
| properties: | |
| host: | |
| description: Host name to connect to, defaults | |
| to the pod IP. You probably want to set | |
| "Host" in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: Custom headers to set in the | |
| request. HTTP allows repeated headers. | |
| items: | |
| description: HTTPHeader describes a custom | |
| header to be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to | |
| access on the container. Number must be | |
| in the range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use for connecting | |
| to the host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| tcpSocket: | |
| description: 'TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported TODO: | |
| implement a realistic TCP lifecycle hook' | |
| properties: | |
| host: | |
| description: 'Optional: Host name to connect | |
| to, defaults to the pod IP.' | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Number or name of the port to | |
| access on the container. Number must be | |
| in the range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| required: | |
| - port | |
| type: object | |
| type: object | |
| preStop: | |
| description: 'PreStop is called immediately before | |
| a container is terminated. The container is terminated | |
| after the handler completes. The reason for termination | |
| is passed to the handler. Regardless of the outcome | |
| of the handler, the container is eventually terminated. | |
| Other management of the container blocks until the | |
| hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
| properties: | |
| exec: | |
| description: One and only one of the following | |
| should be specified. Exec specifies the action | |
| to take. | |
| properties: | |
| command: | |
| description: Command is the command line to | |
| execute inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The command | |
| is simply exec'd, it is not run inside a | |
| shell, so traditional shell instructions | |
| ('|', etc) won't work. To use a shell, you | |
| need to explicitly call out to that shell. | |
| Exit status of 0 is treated as live/healthy | |
| and non-zero is unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| httpGet: | |
| description: HTTPGet specifies the http request | |
| to perform. | |
| properties: | |
| host: | |
| description: Host name to connect to, defaults | |
| to the pod IP. You probably want to set | |
| "Host" in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: Custom headers to set in the | |
| request. HTTP allows repeated headers. | |
| items: | |
| description: HTTPHeader describes a custom | |
| header to be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to | |
| access on the container. Number must be | |
| in the range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use for connecting | |
| to the host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| tcpSocket: | |
| description: 'TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported TODO: | |
| implement a realistic TCP lifecycle hook' | |
| properties: | |
| host: | |
| description: 'Optional: Host name to connect | |
| to, defaults to the pod IP.' | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Number or name of the port to | |
| access on the container. Number must be | |
| in the range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| required: | |
| - port | |
| type: object | |
| type: object | |
| type: object | |
| livenessProbe: | |
| description: 'Periodic probe of container liveness. Container | |
| will be restarted if the probe fails. Cannot be updated. | |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| properties: | |
| exec: | |
| description: One and only one of the following should | |
| be specified. Exec specifies the action to take. | |
| properties: | |
| command: | |
| description: Command is the command line to execute | |
| inside the container, the working directory | |
| for the command is root ('/') in the container's | |
| filesystem. The command is simply exec'd, it | |
| is not run inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To use a | |
| shell, you need to explicitly call out to that | |
| shell. Exit status of 0 is treated as live/healthy | |
| and non-zero is unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| failureThreshold: | |
| description: Minimum consecutive failures for the | |
| probe to be considered failed after having succeeded. | |
| Defaults to 3. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| httpGet: | |
| description: HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: Host name to connect to, defaults | |
| to the pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: HTTPHeader describes a custom header | |
| to be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to access | |
| on the container. Number must be in the range | |
| 1 to 65535. Name must be an IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| initialDelaySeconds: | |
| description: 'Number of seconds after the container | |
| has started before liveness probes are initiated. | |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| format: int32 | |
| type: integer | |
| periodSeconds: | |
| description: How often (in seconds) to perform the | |
| probe. Default to 10 seconds. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| successThreshold: | |
| description: Minimum consecutive successes for the | |
| probe to be considered successful after having failed. | |
| Defaults to 1. Must be 1 for liveness. Minimum value | |
| is 1. | |
| format: int32 | |
| type: integer | |
| tcpSocket: | |
| description: 'TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported TODO: implement | |
| a realistic TCP lifecycle hook' | |
| properties: | |
| host: | |
| description: 'Optional: Host name to connect to, | |
| defaults to the pod IP.' | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Number or name of the port to access | |
| on the container. Number must be in the range | |
| 1 to 65535. Name must be an IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| required: | |
| - port | |
| type: object | |
| timeoutSeconds: | |
| description: 'Number of seconds after which the probe | |
| times out. Defaults to 1 second. Minimum value is | |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| format: int32 | |
| type: integer | |
| type: object | |
| name: | |
| description: Name of the container specified as a DNS_LABEL. | |
| Each container in a pod must have a unique name (DNS_LABEL). | |
| Cannot be updated. | |
| type: string | |
| ports: | |
| description: List of ports to expose from the container. | |
| Exposing a port here gives the system additional information | |
| about the network connections a container uses, but | |
| is primarily informational. Not specifying a port here | |
| DOES NOT prevent that port from being exposed. Any port | |
| which is listening on the default "0.0.0.0" address | |
| inside a container will be accessible from the network. | |
| Cannot be updated. | |
| items: | |
| description: ContainerPort represents a network port | |
| in a single container. | |
| properties: | |
| containerPort: | |
| description: Number of port to expose on the pod's | |
| IP address. This must be a valid port number, | |
| 0 < x < 65536. | |
| format: int32 | |
| type: integer | |
| hostIP: | |
| description: What host IP to bind the external port | |
| to. | |
| type: string | |
| hostPort: | |
| description: Number of port to expose on the host. | |
| If specified, this must be a valid port number, | |
| 0 < x < 65536. If HostNetwork is specified, this | |
| must match ContainerPort. Most containers do not | |
| need this. | |
| format: int32 | |
| type: integer | |
| name: | |
| description: If specified, this must be an IANA_SVC_NAME | |
| and unique within the pod. Each named port in | |
| a pod must have a unique name. Name for the port | |
| that can be referred to by services. | |
| type: string | |
| protocol: | |
| default: TCP | |
| description: Protocol for port. Must be UDP, TCP, | |
| or SCTP. Defaults to "TCP". | |
| type: string | |
| required: | |
| - containerPort | |
| type: object | |
| type: array | |
| x-kubernetes-list-map-keys: | |
| - containerPort | |
| - protocol | |
| x-kubernetes-list-type: map | |
| readinessProbe: | |
| description: 'Periodic probe of container service readiness. | |
| Container will be removed from service endpoints if | |
| the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| properties: | |
| exec: | |
| description: One and only one of the following should | |
| be specified. Exec specifies the action to take. | |
| properties: | |
| command: | |
| description: Command is the command line to execute | |
| inside the container, the working directory | |
| for the command is root ('/') in the container's | |
| filesystem. The command is simply exec'd, it | |
| is not run inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To use a | |
| shell, you need to explicitly call out to that | |
| shell. Exit status of 0 is treated as live/healthy | |
| and non-zero is unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| failureThreshold: | |
| description: Minimum consecutive failures for the | |
| probe to be considered failed after having succeeded. | |
| Defaults to 3. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| httpGet: | |
| description: HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: Host name to connect to, defaults | |
| to the pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: HTTPHeader describes a custom header | |
| to be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to access | |
| on the container. Number must be in the range | |
| 1 to 65535. Name must be an IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| initialDelaySeconds: | |
| description: 'Number of seconds after the container | |
| has started before liveness probes are initiated. | |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| format: int32 | |
| type: integer | |
| periodSeconds: | |
| description: How often (in seconds) to perform the | |
| probe. Default to 10 seconds. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| successThreshold: | |
| description: Minimum consecutive successes for the | |
| probe to be considered successful after having failed. | |
| Defaults to 1. Must be 1 for liveness. Minimum value | |
| is 1. | |
| format: int32 | |
| type: integer | |
| tcpSocket: | |
| description: 'TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported TODO: implement | |
| a realistic TCP lifecycle hook' | |
| properties: | |
| host: | |
| description: 'Optional: Host name to connect to, | |
| defaults to the pod IP.' | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Number or name of the port to access | |
| on the container. Number must be in the range | |
| 1 to 65535. Name must be an IANA_SVC_NAME. | |
| x-kubernetes-int-or-string: true | |
| required: | |
| - port | |
| type: object | |
| timeoutSeconds: | |
| description: 'Number of seconds after which the probe | |
| times out. Defaults to 1 second. Minimum value is | |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
| format: int32 | |
| type: integer | |
| type: object | |
| resources: | |
| description: 'Compute Resources required by this container. | |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
| properties: | |
| limits: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: 'Limits describes the maximum amount | |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
| type: object | |
| requests: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: 'Requests describes the minimum amount | |
| of compute resources required. If Requests is omitted | |
| for a container, it defaults to Limits if that is | |
| explicitly specified, otherwise to an implementation-defined | |
| value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
| type: object | |
| type: object | |
| securityContext: | |
| description: 'Security options the pod should run with. | |
| More info: https://kubernetes.io/docs/concepts/policy/security-context/ | |
| More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' | |
| properties: | |
| allowPrivilegeEscalation: | |
| description: 'AllowPrivilegeEscalation controls whether | |
| a process can gain more privileges than its parent | |
| process. This bool directly controls if the no_new_privs | |
| flag will be set on the container process. AllowPrivilegeEscalation | |
| is true always when the container is: 1) run as | |
| Privileged 2) has CAP_SYS_ADMIN' | |
| type: boolean | |
| capabilities: | |
| description: The capabilities to add/drop when running | |
| containers. Defaults to the default set of capabilities | |
| granted by the container runtime. | |
| properties: | |
| add: | |
| description: Added capabilities | |
| items: | |
| description: Capability represent POSIX capabilities | |
| type | |
| type: string | |
| type: array | |
| drop: | |
| description: Removed capabilities | |
| items: | |
| description: Capability represent POSIX capabilities | |
| type | |
| type: string | |
| type: array | |
| type: object | |
| privileged: | |
| description: Run container in privileged mode. Processes | |
| in privileged containers are essentially equivalent | |
| to root on the host. Defaults to false. | |
| type: boolean | |
| procMount: | |
| description: procMount denotes the type of proc mount | |
| to use for the containers. The default is DefaultProcMount | |
| which uses the container runtime defaults for readonly | |
| paths and masked paths. This requires the ProcMountType | |
| feature flag to be enabled. | |
| type: string | |
| readOnlyRootFilesystem: | |
| description: Whether this container has a read-only | |
| root filesystem. Default is false. | |
| type: boolean | |
| runAsGroup: | |
| description: The GID to run the entrypoint of the | |
| container process. Uses runtime default if unset. | |
| May also be set in PodSecurityContext. If set in | |
| both SecurityContext and PodSecurityContext, the | |
| value specified in SecurityContext takes precedence. | |
| format: int64 | |
| type: integer | |
| runAsNonRoot: | |
| description: Indicates that the container must run | |
| as a non-root user. If true, the Kubelet will validate | |
| the image at runtime to ensure that it does not | |
| run as UID 0 (root) and fail to start the container | |
| if it does. If unset or false, no such validation | |
| will be performed. May also be set in PodSecurityContext. If | |
| set in both SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext takes precedence. | |
| type: boolean | |
| runAsUser: | |
| description: The UID to run the entrypoint of the | |
| container process. Defaults to user specified in | |
| image metadata if unspecified. May also be set in | |
| PodSecurityContext. If set in both SecurityContext | |
| and PodSecurityContext, the value specified in SecurityContext | |
| takes precedence. | |
| format: int64 | |
| type: integer | |
| seLinuxOptions: | |
| description: The SELinux context to be applied to | |
| the container. If unspecified, the container runtime | |
| will allocate a random SELinux context for each | |
| container. May also be set in PodSecurityContext. If | |
| set in both SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext takes precedence. | |
| properties: | |
| level: | |
| description: Level is SELinux level label that | |
| applies to the container. | |
| type: string | |
| role: | |
| description: Role is a SELinux role label that | |
| applies to the container. | |
| type: string | |
| type: | |
| description: Type is a SELinux type label that | |
| applies to the container. | |
| type: string | |
| user: | |
| description: User is a SELinux user label that | |
| applies to the container. | |
| type: string | |
| type: object | |
| type: object | |
| stdin: | |
| description: Whether this container should allocate a | |
| buffer for stdin in the container runtime. If this is | |
| not set, reads from stdin in the container will always | |
| result in EOF. Default is false. | |
| type: boolean | |
| stdinOnce: | |
| description: Whether the container runtime should close | |
| the stdin channel after it has been opened by a single | |
| attach. When stdin is true the stdin stream will remain | |
| open across multiple attach sessions. If stdinOnce is | |
| set to true, stdin is opened on container start, is | |
| empty until the first client attaches to stdin, and | |
| then remains open and accepts data until the client | |
| disconnects, at which time stdin is closed and remains | |
| closed until the container is restarted. If this flag | |
| is false, a container processes that reads from stdin | |
| will never receive an EOF. Default is false | |
| type: boolean | |
| terminationMessagePath: | |
| description: 'Optional: Path at which the file to which | |
| the container''s termination message will be written | |
| is mounted into the container''s filesystem. Message | |
| written is intended to be brief final status, such as | |
| an assertion failure message. Will be truncated by the | |
| node if greater than 4096 bytes. The total message length | |
| across all containers will be limited to 12kb. Defaults | |
| to /dev/termination-log. Cannot be updated.' | |
| type: string | |
| terminationMessagePolicy: | |
| description: Indicate how the termination message should | |
| be populated. File will use the contents of terminationMessagePath | |
| to populate the container status message on both success | |
| and failure. FallbackToLogsOnError will use the last | |
| chunk of container log output if the termination message | |
| file is empty and the container exited with an error. | |
| The log output is limited to 2048 bytes or 80 lines, | |
| whichever is smaller. Defaults to File. Cannot be updated. | |
| type: string | |
| tty: | |
| description: Whether this container should allocate a | |
| TTY for itself, also requires 'stdin' to be true. Default | |
| is false. | |
| type: boolean | |
| volumeDevices: | |
| description: volumeDevices is the list of block devices | |
| to be used by the container. This is an alpha feature | |
| and may change in the future. | |
| items: | |
| description: volumeDevice describes a mapping of a raw | |
| block device within a container. | |
| properties: | |
| devicePath: | |
| description: devicePath is the path inside of the | |
| container that the device will be mapped to. | |
| type: string | |
| name: | |
| description: name must match the name of a persistentVolumeClaim | |
| in the pod | |
| type: string | |
| required: | |
| - devicePath | |
| - name | |
| type: object | |
| type: array | |
| volumeMounts: | |
| description: Pod volumes to mount into the container's | |
| filesystem. Cannot be updated. | |
| items: | |
| description: VolumeMount describes a mounting of a Volume | |
| within a container. | |
| properties: | |
| mountPath: | |
| description: Path within the container at which | |
| the volume should be mounted. Must not contain | |
| ':'. | |
| type: string | |
| mountPropagation: | |
| description: mountPropagation determines how mounts | |
| are propagated from the host to container and | |
| the other way around. When not set, MountPropagationNone | |
| is used. This field is beta in 1.10. | |
| type: string | |
| name: | |
| description: This must match the Name of a Volume. | |
| type: string | |
| readOnly: | |
| description: Mounted read-only if true, read-write | |
| otherwise (false or unspecified). Defaults to | |
| false. | |
| type: boolean | |
| subPath: | |
| description: Path within the volume from which the | |
| container's volume should be mounted. Defaults | |
| to "" (volume's root). | |
| type: string | |
| required: | |
| - mountPath | |
| - name | |
| type: object | |
| type: array | |
| workingDir: | |
| description: Container's working directory. If not specified, | |
| the container runtime's default will be used, which | |
| might be configured in the container image. Cannot be | |
| updated. | |
| type: string | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| nodeName: | |
| description: NodeName is a request to schedule this pod onto | |
| a specific node. If it is non-empty, the scheduler simply | |
| schedules this pod onto that node, assuming that it fits resource | |
| requirements. | |
| type: string | |
| nodeSelector: | |
| additionalProperties: | |
| type: string | |
| description: 'NodeSelector is a selector which must be true | |
| for the pod to fit on a node. Selector which must match a | |
| node''s labels for the pod to be scheduled on that node. More | |
| info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' | |
| type: object | |
| priority: | |
| description: The priority value. Various system components use | |
| this field to find the priority of the pod. When Priority | |
| Admission Controller is enabled, it prevents users from setting | |
| this field. The admission controller populates this field | |
| from PriorityClassName. The higher the value, the higher the | |
| priority. | |
| format: int32 | |
| type: integer | |
| priorityClassName: | |
| description: If specified, indicates the pod's priority. "system-node-critical" | |
| and "system-cluster-critical" are two special keywords which | |
| indicate the highest priorities with the former being the | |
| highest priority. Any other name must be defined by creating | |
| a PriorityClass object with that name. If not specified, the | |
| pod priority will be default or zero if there is no default. | |
| type: string | |
| readinessGates: | |
| description: 'If specified, all readiness gates will be evaluated | |
| for pod readiness. A pod is ready when all its containers | |
| are ready AND all conditions specified in the readiness gates | |
| have status equal to "True" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md' | |
| items: | |
| description: PodReadinessGate contains the reference to a | |
| pod condition | |
| properties: | |
| conditionType: | |
| description: ConditionType refers to a condition in the | |
| pod's condition list with matching type. | |
| type: string | |
| required: | |
| - conditionType | |
| type: object | |
| type: array | |
| restartPolicy: | |
| description: 'Restart policy for all containers within the pod. | |
| One of Always, OnFailure, Never. Default to Always. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' | |
| type: string | |
| runtimeClassName: | |
| description: 'RuntimeClassName refers to a RuntimeClass object | |
| in the node.k8s.io group, which should be used to run this | |
| pod. If no RuntimeClass resource matches the named class, | |
| the pod will not be run. If unset or empty, the "legacy" RuntimeClass | |
| will be used, which is an implicit class with an empty definition | |
| that uses the default runtime handler. More info: https://github.com/kubernetes/community/blob/master/keps/sig-node/0014-runtime-class.md | |
| This is an alpha feature and may change in the future.' | |
| type: string | |
| schedulerName: | |
| description: If specified, the pod will be dispatched by specified | |
| scheduler. If not specified, the pod will be dispatched by | |
| default scheduler. | |
| type: string | |
| securityContext: | |
| description: 'SecurityContext holds pod-level security attributes | |
| and common container settings. Optional: Defaults to empty. See | |
| type description for default values of each field.' | |
| properties: | |
| fsGroup: | |
| description: "A special supplemental group that applies | |
| to all containers in a pod. Some volume types allow the | |
| Kubelet to change the ownership of that volume to be owned | |
| by the pod: \n 1. The owning GID will be the FSGroup 2. | |
| The setgid bit is set (new files created in the volume | |
| will be owned by FSGroup) 3. The permission bits are OR'd | |
| with rw-rw---- \n If unset, the Kubelet will not modify | |
| the ownership and permissions of any volume." | |
| format: int64 | |
| type: integer | |
| runAsGroup: | |
| description: The GID to run the entrypoint of the container | |
| process. Uses runtime default if unset. May also be set | |
| in SecurityContext. If set in both SecurityContext and | |
| PodSecurityContext, the value specified in SecurityContext | |
| takes precedence for that container. | |
| format: int64 | |
| type: integer | |
| runAsNonRoot: | |
| description: Indicates that the container must run as a | |
| non-root user. If true, the Kubelet will validate the | |
| image at runtime to ensure that it does not run as UID | |
| 0 (root) and fail to start the container if it does. If | |
| unset or false, no such validation will be performed. | |
| May also be set in SecurityContext. If set in both SecurityContext | |
| and PodSecurityContext, the value specified in SecurityContext | |
| takes precedence. | |
| type: boolean | |
| runAsUser: | |
| description: The UID to run the entrypoint of the container | |
| process. Defaults to user specified in image metadata | |
| if unspecified. May also be set in SecurityContext. If | |
| set in both SecurityContext and PodSecurityContext, the | |
| value specified in SecurityContext takes precedence for | |
| that container. | |
| format: int64 | |
| type: integer | |
| seLinuxOptions: | |
| description: The SELinux context to be applied to all containers. | |
| If unspecified, the container runtime will allocate a | |
| random SELinux context for each container. May also be | |
| set in SecurityContext. If set in both SecurityContext | |
| and PodSecurityContext, the value specified in SecurityContext | |
| takes precedence for that container. | |
| properties: | |
| level: | |
| description: Level is SELinux level label that applies | |
| to the container. | |
| type: string | |
| role: | |
| description: Role is a SELinux role label that applies | |
| to the container. | |
| type: string | |
| type: | |
| description: Type is a SELinux type label that applies | |
| to the container. | |
| type: string | |
| user: | |
| description: User is a SELinux user label that applies | |
| to the container. | |
| type: string | |
| type: object | |
| supplementalGroups: | |
| description: A list of groups applied to the first process | |
| run in each container, in addition to the container's | |
| primary GID. If unspecified, no groups will be added | |
| to any container. | |
| items: | |
| format: int64 | |
| type: integer | |
| type: array | |
| sysctls: | |
| description: Sysctls hold a list of namespaced sysctls used | |
| for the pod. Pods with unsupported sysctls (by the container | |
| runtime) might fail to launch. | |
| items: | |
| description: Sysctl defines a kernel parameter to be set | |
| properties: | |
| name: | |
| description: Name of a property to set | |
| type: string | |
| value: | |
| description: Value of a property to set | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| type: object | |
| serviceAccount: | |
| description: 'DeprecatedServiceAccount is a depreciated alias | |
| for ServiceAccountName. Deprecated: Use serviceAccountName | |
| instead.' | |
| type: string | |
| serviceAccountName: | |
| description: 'ServiceAccountName is the name of the ServiceAccount | |
| to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' | |
| type: string | |
| shareProcessNamespace: | |
| description: 'Share a single process namespace between all of | |
| the containers in a pod. When this is set containers will | |
| be able to view and signal processes from other containers | |
| in the same pod, and the first process in each container will | |
| not be assigned PID 1. HostPID and ShareProcessNamespace cannot | |
| both be set. Optional: Default to false. This field is beta-level | |
| and may be disabled with the PodShareProcessNamespace feature.' | |
| type: boolean | |
| subdomain: | |
| description: If specified, the fully qualified Pod hostname | |
| will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster | |
| domain>". If not specified, the pod will not have a domainname | |
| at all. | |
| type: string | |
| terminationGracePeriodSeconds: | |
| description: Optional duration in seconds the pod needs to terminate | |
| gracefully. May be decreased in delete request. Value must | |
| be non-negative integer. The value zero indicates delete immediately. | |
| If this value is nil, the default grace period will be used | |
| instead. The grace period is the duration in seconds after | |
| the processes running in the pod are sent a termination signal | |
| and the time when the processes are forcibly halted with a | |
| kill signal. Set this value longer than the expected cleanup | |
| time for your process. Defaults to 30 seconds. | |
| format: int64 | |
| type: integer | |
| tolerations: | |
| description: If specified, the pod's tolerations. | |
| items: | |
| description: The pod this Toleration is attached to tolerates | |
| any taint that matches the triple <key,value,effect> using | |
| the matching operator <operator>. | |
| properties: | |
| effect: | |
| description: Effect indicates the taint effect to match. | |
| Empty means match all taint effects. When specified, | |
| allowed values are NoSchedule, PreferNoSchedule and | |
| NoExecute. | |
| type: string | |
| key: | |
| description: Key is the taint key that the toleration | |
| applies to. Empty means match all taint keys. If the | |
| key is empty, operator must be Exists; this combination | |
| means to match all values and all keys. | |
| type: string | |
| operator: | |
| description: Operator represents a key's relationship | |
| to the value. Valid operators are Exists and Equal. | |
| Defaults to Equal. Exists is equivalent to wildcard | |
| for value, so that a pod can tolerate all taints of | |
| a particular category. | |
| type: string | |
| tolerationSeconds: | |
| description: TolerationSeconds represents the period of | |
| time the toleration (which must be of effect NoExecute, | |
| otherwise this field is ignored) tolerates the taint. | |
| By default, it is not set, which means tolerate the | |
| taint forever (do not evict). Zero and negative values | |
| will be treated as 0 (evict immediately) by the system. | |
| format: int64 | |
| type: integer | |
| value: | |
| description: Value is the taint value the toleration matches | |
| to. If the operator is Exists, the value should be empty, | |
| otherwise just a regular string. | |
| type: string | |
| type: object | |
| type: array | |
| volumes: | |
| description: 'List of volumes that can be mounted by containers | |
| belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' | |
| items: | |
| description: Volume represents a named volume in a pod that | |
| may be accessed by any container in the pod. | |
| properties: | |
| awsElasticBlockStore: | |
| description: 'AWSElasticBlockStore represents an AWS Disk | |
| resource that is attached to a kubelet''s host machine | |
| and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' | |
| properties: | |
| fsType: | |
| description: 'Filesystem type of the volume that you | |
| want to mount. Tip: Ensure that the filesystem type | |
| is supported by the host operating system. Examples: | |
| "ext4", "xfs", "ntfs". Implicitly inferred to be | |
| "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | |
| TODO: how do we prevent errors in the filesystem | |
| from compromising the machine' | |
| type: string | |
| partition: | |
| description: 'The partition in the volume that you | |
| want to mount. If omitted, the default is to mount | |
| by volume name. Examples: For volume /dev/sda1, | |
| you specify the partition as "1". Similarly, the | |
| volume partition for /dev/sda is "0" (or you can | |
| leave the property empty).' | |
| format: int32 | |
| type: integer | |
| readOnly: | |
| description: 'Specify "true" to force and set the | |
| ReadOnly property in VolumeMounts to "true". If | |
| omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' | |
| type: boolean | |
| volumeID: | |
| description: 'Unique ID of the persistent disk resource | |
| in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' | |
| type: string | |
| required: | |
| - volumeID | |
| type: object | |
| azureDisk: | |
| description: AzureDisk represents an Azure Data Disk mount | |
| on the host and bind mount to the pod. | |
| properties: | |
| cachingMode: | |
| description: 'Host Caching mode: None, Read Only, | |
| Read Write.' | |
| type: string | |
| diskName: | |
| description: The Name of the data disk in the blob | |
| storage | |
| type: string | |
| diskURI: | |
| description: The URI the data disk in the blob storage | |
| type: string | |
| fsType: | |
| description: Filesystem type to mount. Must be a filesystem | |
| type supported by the host operating system. Ex. | |
| "ext4", "xfs", "ntfs". Implicitly inferred to be | |
| "ext4" if unspecified. | |
| type: string | |
| kind: | |
| description: 'Expected values Shared: multiple blob | |
| disks per storage account Dedicated: single blob | |
| disk per storage account Managed: azure managed | |
| data disk (only in managed availability set). defaults | |
| to shared' | |
| type: string | |
| readOnly: | |
| description: Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in VolumeMounts. | |
| type: boolean | |
| required: | |
| - diskName | |
| - diskURI | |
| type: object | |
| azureFile: | |
| description: AzureFile represents an Azure File Service | |
| mount on the host and bind mount to the pod. | |
| properties: | |
| readOnly: | |
| description: Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in VolumeMounts. | |
| type: boolean | |
| secretName: | |
| description: the name of secret that contains Azure | |
| Storage Account Name and Key | |
| type: string | |
| shareName: | |
| description: Share Name | |
| type: string | |
| required: | |
| - secretName | |
| - shareName | |
| type: object | |
| cephfs: | |
| description: CephFS represents a Ceph FS mount on the | |
| host that shares a pod's lifetime | |
| properties: | |
| monitors: | |
| description: 'Required: Monitors is a collection of | |
| Ceph monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' | |
| items: | |
| type: string | |
| type: array | |
| path: | |
| description: 'Optional: Used as the mounted root, | |
| rather than the full Ceph tree, default is /' | |
| type: string | |
| readOnly: | |
| description: 'Optional: Defaults to false (read/write). | |
| ReadOnly here will force the ReadOnly setting in | |
| VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' | |
| type: boolean | |
| secretFile: | |
| description: 'Optional: SecretFile is the path to | |
| key ring for User, default is /etc/ceph/user.secret | |
| More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' | |
| type: string | |
| secretRef: | |
| description: 'Optional: SecretRef is reference to | |
| the authentication secret for User, default is empty. | |
| More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| type: object | |
| user: | |
| description: 'Optional: User is the rados user name, | |
| default is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' | |
| type: string | |
| required: | |
| - monitors | |
| type: object | |
| cinder: | |
| description: 'Cinder represents a cinder volume attached | |
| and mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' | |
| properties: | |
| fsType: | |
| description: 'Filesystem type to mount. Must be a | |
| filesystem type supported by the host operating | |
| system. Examples: "ext4", "xfs", "ntfs". Implicitly | |
| inferred to be "ext4" if unspecified. More info: | |
| https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' | |
| type: string | |
| readOnly: | |
| description: 'Optional: Defaults to false (read/write). | |
| ReadOnly here will force the ReadOnly setting in | |
| VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' | |
| type: boolean | |
| secretRef: | |
| description: 'Optional: points to a secret object | |
| containing parameters used to connect to OpenStack.' | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| type: object | |
| volumeID: | |
| description: 'volume id used to identify the volume | |
| in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' | |
| type: string | |
| required: | |
| - volumeID | |
| type: object | |
| configMap: | |
| description: ConfigMap represents a configMap that should | |
| populate this volume | |
| properties: | |
| defaultMode: | |
| description: 'Optional: mode bits to use on created | |
| files by default. Must be a value between 0 and | |
| 0777. Defaults to 0644. Directories within the path | |
| are not affected by this setting. This might be | |
| in conflict with other options that affect the file | |
| mode, like fsGroup, and the result can be other | |
| mode bits set.' | |
| format: int32 | |
| type: integer | |
| items: | |
| description: If unspecified, each key-value pair in | |
| the Data field of the referenced ConfigMap will | |
| be projected into the volume as a file whose name | |
| is the key and content is the value. If specified, | |
| the listed keys will be projected into the specified | |
| paths, and unlisted keys will not be present. If | |
| a key is specified which is not present in the ConfigMap, | |
| the volume setup will error unless it is marked | |
| optional. Paths must be relative and may not contain | |
| the '..' path or start with '..'. | |
| items: | |
| description: Maps a string key to a path within | |
| a volume. | |
| properties: | |
| key: | |
| description: The key to project. | |
| type: string | |
| mode: | |
| description: 'Optional: mode bits to use on | |
| this file, must be a value between 0 and 0777. | |
| If not specified, the volume defaultMode will | |
| be used. This might be in conflict with other | |
| options that affect the file mode, like fsGroup, | |
| and the result can be other mode bits set.' | |
| format: int32 | |
| type: integer | |
| path: | |
| description: The relative path of the file to | |
| map the key to. May not be an absolute path. | |
| May not contain the path element '..'. May | |
| not start with the string '..'. | |
| type: string | |
| required: | |
| - key | |
| - path | |
| type: object | |
| type: array | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap or it's | |
| keys must be defined | |
| type: boolean | |
| type: object | |
| downwardAPI: | |
| description: DownwardAPI represents downward API about | |
| the pod that should populate this volume | |
| properties: | |
| defaultMode: | |
| description: 'Optional: mode bits to use on created | |
| files by default. Must be a value between 0 and | |
| 0777. Defaults to 0644. Directories within the path | |
| are not affected by this setting. This might be | |
| in conflict with other options that affect the file | |
| mode, like fsGroup, and the result can be other | |
| mode bits set.' | |
| format: int32 | |
| type: integer | |
| items: | |
| description: Items is a list of downward API volume | |
| file | |
| items: | |
| description: DownwardAPIVolumeFile represents information | |
| to create the file containing the pod field | |
| properties: | |
| fieldRef: | |
| description: 'Required: Selects a field of the | |
| pod: only annotations, labels, name and namespace | |
| are supported.' | |
| properties: | |
| apiVersion: | |
| description: Version of the schema the FieldPath | |
| is written in terms of, defaults to "v1". | |
| type: string | |
| fieldPath: | |
| description: Path of the field to select | |
| in the specified API version. | |
| type: string | |
| required: | |
| - fieldPath | |
| type: object | |
| mode: | |
| description: 'Optional: mode bits to use on | |
| this file, must be a value between 0 and 0777. | |
| If not specified, the volume defaultMode will | |
| be used. This might be in conflict with other | |
| options that affect the file mode, like fsGroup, | |
| and the result can be other mode bits set.' | |
| format: int32 | |
| type: integer | |
| path: | |
| description: 'Required: Path is the relative | |
| path name of the file to be created. Must | |
| not be absolute or contain the ''..'' path. | |
| Must be utf-8 encoded. The first item of the | |
| relative path must not start with ''..''' | |
| type: string | |
| resourceFieldRef: | |
| description: 'Selects a resource of the container: | |
| only resources limits and requests (limits.cpu, | |
| limits.memory, requests.cpu and requests.memory) | |
| are currently supported.' | |
| properties: | |
| containerName: | |
| description: 'Container name: required for | |
| volumes, optional for env vars' | |
| type: string | |
| divisor: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Specifies the output format | |
| of the exposed resources, defaults to | |
| "1" | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| resource: | |
| description: 'Required: resource to select' | |
| type: string | |
| required: | |
| - resource | |
| type: object | |
| required: | |
| - path | |
| type: object | |
| type: array | |
| type: object | |
| emptyDir: | |
| description: 'EmptyDir represents a temporary directory | |
| that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' | |
| properties: | |
| medium: | |
| description: 'What type of storage medium should back | |
| this directory. The default is "" which means to | |
| use the node''s default medium. Must be an empty | |
| string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' | |
| type: string | |
| sizeLimit: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: 'Total amount of local storage required | |
| for this EmptyDir volume. The size limit is also | |
| applicable for memory medium. The maximum usage | |
| on memory medium EmptyDir would be the minimum value | |
| between the SizeLimit specified here and the sum | |
| of memory limits of all containers in a pod. The | |
| default is nil which means that the limit is undefined. | |
| More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| type: object | |
| fc: | |
| description: FC represents a Fibre Channel resource that | |
| is attached to a kubelet's host machine and then exposed | |
| to the pod. | |
| properties: | |
| fsType: | |
| description: 'Filesystem type to mount. Must be a | |
| filesystem type supported by the host operating | |
| system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred | |
| to be "ext4" if unspecified. TODO: how do we prevent | |
| errors in the filesystem from compromising the machine' | |
| type: string | |
| lun: | |
| description: 'Optional: FC target lun number' | |
| format: int32 | |
| type: integer | |
| readOnly: | |
| description: 'Optional: Defaults to false (read/write). | |
| ReadOnly here will force the ReadOnly setting in | |
| VolumeMounts.' | |
| type: boolean | |
| targetWWNs: | |
| description: 'Optional: FC target worldwide names | |
| (WWNs)' | |
| items: | |
| type: string | |
| type: array | |
| wwids: | |
| description: 'Optional: FC volume world wide identifiers | |
| (wwids) Either wwids or combination of targetWWNs | |
| and lun must be set, but not both simultaneously.' | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| flexVolume: | |
| description: FlexVolume represents a generic volume resource | |
| that is provisioned/attached using an exec based plugin. | |
| properties: | |
| driver: | |
| description: Driver is the name of the driver to use | |
| for this volume. | |
| type: string | |
| fsType: | |
| description: Filesystem type to mount. Must be a filesystem | |
| type supported by the host operating system. Ex. | |
| "ext4", "xfs", "ntfs". The default filesystem depends | |
| on FlexVolume script. | |
| type: string | |
| options: | |
| additionalProperties: | |
| type: string | |
| description: 'Optional: Extra command options if any.' | |
| type: object | |
| readOnly: | |
| description: 'Optional: Defaults to false (read/write). | |
| ReadOnly here will force the ReadOnly setting in | |
| VolumeMounts.' | |
| type: boolean | |
| secretRef: | |
| description: 'Optional: SecretRef is reference to | |
| the secret object containing sensitive information | |
| to pass to the plugin scripts. This may be empty | |
| if no secret object is specified. If the secret | |
| object contains more than one secret, all secrets | |
| are passed to the plugin scripts.' | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| type: object | |
| required: | |
| - driver | |
| type: object | |
| flocker: | |
| description: Flocker represents a Flocker volume attached | |
| to a kubelet's host machine. This depends on the Flocker | |
| control service being running | |
| properties: | |
| datasetName: | |
| description: Name of the dataset stored as metadata | |
| -> name on the dataset for Flocker should be considered | |
| as deprecated | |
| type: string | |
| datasetUUID: | |
| description: UUID of the dataset. This is unique identifier | |
| of a Flocker dataset | |
| type: string | |
| type: object | |
| gcePersistentDisk: | |
| description: 'GCEPersistentDisk represents a GCE Disk | |
| resource that is attached to a kubelet''s host machine | |
| and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' | |
| properties: | |
| fsType: | |
| description: 'Filesystem type of the volume that you | |
| want to mount. Tip: Ensure that the filesystem type | |
| is supported by the host operating system. Examples: | |
| "ext4", "xfs", "ntfs". Implicitly inferred to be | |
| "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | |
| TODO: how do we prevent errors in the filesystem | |
| from compromising the machine' | |
| type: string | |
| partition: | |
| description: 'The partition in the volume that you | |
| want to mount. If omitted, the default is to mount | |
| by volume name. Examples: For volume /dev/sda1, | |
| you specify the partition as "1". Similarly, the | |
| volume partition for /dev/sda is "0" (or you can | |
| leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' | |
| format: int32 | |
| type: integer | |
| pdName: | |
| description: 'Unique name of the PD resource in GCE. | |
| Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' | |
| type: string | |
| readOnly: | |
| description: 'ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. Defaults to false. More | |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' | |
| type: boolean | |
| required: | |
| - pdName | |
| type: object | |
| gitRepo: | |
| description: 'GitRepo represents a git repository at a | |
| particular revision. DEPRECATED: GitRepo is deprecated. | |
| To provision a container with a git repo, mount an EmptyDir | |
| into an InitContainer that clones the repo using git, | |
| then mount the EmptyDir into the Pod''s container.' | |
| properties: | |
| directory: | |
| description: Target directory name. Must not contain | |
| or start with '..'. If '.' is supplied, the volume | |
| directory will be the git repository. Otherwise, | |
| if specified, the volume will contain the git repository | |
| in the subdirectory with the given name. | |
| type: string | |
| repository: | |
| description: Repository URL | |
| type: string | |
| revision: | |
| description: Commit hash for the specified revision. | |
| type: string | |
| required: | |
| - repository | |
| type: object | |
| glusterfs: | |
| description: 'Glusterfs represents a Glusterfs mount on | |
| the host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md' | |
| properties: | |
| endpoints: | |
| description: 'EndpointsName is the endpoint name that | |
| details Glusterfs topology. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' | |
| type: string | |
| path: | |
| description: 'Path is the Glusterfs volume path. More | |
| info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' | |
| type: string | |
| readOnly: | |
| description: 'ReadOnly here will force the Glusterfs | |
| volume to be mounted with read-only permissions. | |
| Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' | |
| type: boolean | |
| required: | |
| - endpoints | |
| - path | |
| type: object | |
| hostPath: | |
| description: 'HostPath represents a pre-existing file | |
| or directory on the host machine that is directly exposed | |
| to the container. This is generally used for system | |
| agents or other privileged things that are allowed to | |
| see the host machine. Most containers will NOT need | |
| this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath | |
| --- TODO(jonesdl) We need to restrict who can use host | |
| directory mounts and who can/can not mount host directories | |
| as read/write.' | |
| properties: | |
| path: | |
| description: 'Path of the directory on the host. If | |
| the path is a symlink, it will follow the link to | |
| the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' | |
| type: string | |
| type: | |
| description: 'Type for HostPath Volume Defaults to | |
| "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' | |
| type: string | |
| required: | |
| - path | |
| type: object | |
| iscsi: | |
| description: 'ISCSI represents an ISCSI Disk resource | |
| that is attached to a kubelet''s host machine and then | |
| exposed to the pod. More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md' | |
| properties: | |
| chapAuthDiscovery: | |
| description: whether support iSCSI Discovery CHAP | |
| authentication | |
| type: boolean | |
| chapAuthSession: | |
| description: whether support iSCSI Session CHAP authentication | |
| type: boolean | |
| fsType: | |
| description: 'Filesystem type of the volume that you | |
| want to mount. Tip: Ensure that the filesystem type | |
| is supported by the host operating system. Examples: | |
| "ext4", "xfs", "ntfs". Implicitly inferred to be | |
| "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi | |
| TODO: how do we prevent errors in the filesystem | |
| from compromising the machine' | |
| type: string | |
| initiatorName: | |
| description: Custom iSCSI Initiator Name. If initiatorName | |
| is specified with iscsiInterface simultaneously, | |
| new iSCSI interface <target portal>:<volume name> | |
| will be created for the connection. | |
| type: string | |
| iqn: | |
| description: Target iSCSI Qualified Name. | |
| type: string | |
| iscsiInterface: | |
| description: iSCSI Interface Name that uses an iSCSI | |
| transport. Defaults to 'default' (tcp). | |
| type: string | |
| lun: | |
| description: iSCSI Target Lun number. | |
| format: int32 | |
| type: integer | |
| portals: | |
| description: iSCSI Target Portal List. The portal | |
| is either an IP or ip_addr:port if the port is other | |
| than default (typically TCP ports 860 and 3260). | |
| items: | |
| type: string | |
| type: array | |
| readOnly: | |
| description: ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. Defaults to false. | |
| type: boolean | |
| secretRef: | |
| description: CHAP Secret for iSCSI target and initiator | |
| authentication | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| type: object | |
| targetPortal: | |
| description: iSCSI Target Portal. The Portal is either | |
| an IP or ip_addr:port if the port is other than | |
| default (typically TCP ports 860 and 3260). | |
| type: string | |
| required: | |
| - iqn | |
| - lun | |
| - targetPortal | |
| type: object | |
| name: | |
| description: 'Volume''s name. Must be a DNS_LABEL and | |
| unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' | |
| type: string | |
| nfs: | |
| description: 'NFS represents an NFS mount on the host | |
| that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' | |
| properties: | |
| path: | |
| description: 'Path that is exported by the NFS server. | |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' | |
| type: string | |
| readOnly: | |
| description: 'ReadOnly here will force the NFS export | |
| to be mounted with read-only permissions. Defaults | |
| to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' | |
| type: boolean | |
| server: | |
| description: 'Server is the hostname or IP address | |
| of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' | |
| type: string | |
| required: | |
| - path | |
| - server | |
| type: object | |
| persistentVolumeClaim: | |
| description: 'PersistentVolumeClaimVolumeSource represents | |
| a reference to a PersistentVolumeClaim in the same namespace. | |
| More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' | |
| properties: | |
| claimName: | |
| description: 'ClaimName is the name of a PersistentVolumeClaim | |
| in the same namespace as the pod using this volume. | |
| More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' | |
| type: string | |
| readOnly: | |
| description: Will force the ReadOnly setting in VolumeMounts. | |
| Default false. | |
| type: boolean | |
| required: | |
| - claimName | |
| type: object | |
| photonPersistentDisk: | |
| description: PhotonPersistentDisk represents a PhotonController | |
| persistent disk attached and mounted on kubelets host | |
| machine | |
| properties: | |
| fsType: | |
| description: Filesystem type to mount. Must be a filesystem | |
| type supported by the host operating system. Ex. | |
| "ext4", "xfs", "ntfs". Implicitly inferred to be | |
| "ext4" if unspecified. | |
| type: string | |
| pdID: | |
| description: ID that identifies Photon Controller | |
| persistent disk | |
| type: string | |
| required: | |
| - pdID | |
| type: object | |
| portworxVolume: | |
| description: PortworxVolume represents a portworx volume | |
| attached and mounted on kubelets host machine | |
| properties: | |
| fsType: | |
| description: FSType represents the filesystem type | |
| to mount Must be a filesystem type supported by | |
| the host operating system. Ex. "ext4", "xfs". Implicitly | |
| inferred to be "ext4" if unspecified. | |
| type: string | |
| readOnly: | |
| description: Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in VolumeMounts. | |
| type: boolean | |
| volumeID: | |
| description: VolumeID uniquely identifies a Portworx | |
| volume | |
| type: string | |
| required: | |
| - volumeID | |
| type: object | |
| projected: | |
| description: Items for all in one resources secrets, configmaps, | |
| and downward API | |
| properties: | |
| defaultMode: | |
| description: Mode bits to use on created files by | |
| default. Must be a value between 0 and 0777. Directories | |
| within the path are not affected by this setting. | |
| This might be in conflict with other options that | |
| affect the file mode, like fsGroup, and the result | |
| can be other mode bits set. | |
| format: int32 | |
| type: integer | |
| sources: | |
| description: list of volume projections | |
| items: | |
| description: Projection that may be projected along | |
| with other supported volume types | |
| properties: | |
| configMap: | |
| description: information about the configMap | |
| data to project | |
| properties: | |
| items: | |
| description: If unspecified, each key-value | |
| pair in the Data field of the referenced | |
| ConfigMap will be projected into the volume | |
| as a file whose name is the key and content | |
| is the value. If specified, the listed | |
| keys will be projected into the specified | |
| paths, and unlisted keys will not be present. | |
| If a key is specified which is not present | |
| in the ConfigMap, the volume setup will | |
| error unless it is marked optional. Paths | |
| must be relative and may not contain the | |
| '..' path or start with '..'. | |
| items: | |
| description: Maps a string key to a path | |
| within a volume. | |
| properties: | |
| key: | |
| description: The key to project. | |
| type: string | |
| mode: | |
| description: 'Optional: mode bits | |
| to use on this file, must be a value | |
| between 0 and 0777. If not specified, | |
| the volume defaultMode will be used. | |
| This might be in conflict with other | |
| options that affect the file mode, | |
| like fsGroup, and the result can | |
| be other mode bits set.' | |
| format: int32 | |
| type: integer | |
| path: | |
| description: The relative path of | |
| the file to map the key to. May | |
| not be an absolute path. May not | |
| contain the path element '..'. May | |
| not start with the string '..'. | |
| type: string | |
| required: | |
| - key | |
| - path | |
| type: object | |
| type: array | |
| name: | |
| description: 'Name of the referent. More | |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap | |
| or it's keys must be defined | |
| type: boolean | |
| type: object | |
| downwardAPI: | |
| description: information about the downwardAPI | |
| data to project | |
| properties: | |
| items: | |
| description: Items is a list of DownwardAPIVolume | |
| file | |
| items: | |
| description: DownwardAPIVolumeFile represents | |
| information to create the file containing | |
| the pod field | |
| properties: | |
| fieldRef: | |
| description: 'Required: Selects a | |
| field of the pod: only annotations, | |
| labels, name and namespace are supported.' | |
| properties: | |
| apiVersion: | |
| description: Version of the schema | |
| the FieldPath is written in | |
| terms of, defaults to "v1". | |
| type: string | |
| fieldPath: | |
| description: Path of the field | |
| to select in the specified API | |
| version. | |
| type: string | |
| required: | |
| - fieldPath | |
| type: object | |
| mode: | |
| description: 'Optional: mode bits | |
| to use on this file, must be a value | |
| between 0 and 0777. If not specified, | |
| the volume defaultMode will be used. | |
| This might be in conflict with other | |
| options that affect the file mode, | |
| like fsGroup, and the result can | |
| be other mode bits set.' | |
| format: int32 | |
| type: integer | |
| path: | |
| description: 'Required: Path is the | |
| relative path name of the file to | |
| be created. Must not be absolute | |
| or contain the ''..'' path. Must | |
| be utf-8 encoded. The first item | |
| of the relative path must not start | |
| with ''..''' | |
| type: string | |
| resourceFieldRef: | |
| description: 'Selects a resource of | |
| the container: only resources limits | |
| and requests (limits.cpu, limits.memory, | |
| requests.cpu and requests.memory) | |
| are currently supported.' | |
| properties: | |
| containerName: | |
| description: 'Container name: | |
| required for volumes, optional | |
| for env vars' | |
| type: string | |
| divisor: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Specifies the output | |
| format of the exposed resources, | |
| defaults to "1" | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| resource: | |
| description: 'Required: resource | |
| to select' | |
| type: string | |
| required: | |
| - resource | |
| type: object | |
| required: | |
| - path | |
| type: object | |
| type: array | |
| type: object | |
| secret: | |
| description: information about the secret data | |
| to project | |
| properties: | |
| items: | |
| description: If unspecified, each key-value | |
| pair in the Data field of the referenced | |
| Secret will be projected into the volume | |
| as a file whose name is the key and content | |
| is the value. If specified, the listed | |
| keys will be projected into the specified | |
| paths, and unlisted keys will not be present. | |
| If a key is specified which is not present | |
| in the Secret, the volume setup will error | |
| unless it is marked optional. Paths must | |
| be relative and may not contain the '..' | |
| path or start with '..'. | |
| items: | |
| description: Maps a string key to a path | |
| within a volume. | |
| properties: | |
| key: | |
| description: The key to project. | |
| type: string | |
| mode: | |
| description: 'Optional: mode bits | |
| to use on this file, must be a value | |
| between 0 and 0777. If not specified, | |
| the volume defaultMode will be used. | |
| This might be in conflict with other | |
| options that affect the file mode, | |
| like fsGroup, and the result can | |
| be other mode bits set.' | |
| format: int32 | |
| type: integer | |
| path: | |
| description: The relative path of | |
| the file to map the key to. May | |
| not be an absolute path. May not | |
| contain the path element '..'. May | |
| not start with the string '..'. | |
| type: string | |
| required: | |
| - key | |
| - path | |
| type: object | |
| type: array | |
| name: | |
| description: 'Name of the referent. More | |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret | |
| or its key must be defined | |
| type: boolean | |
| type: object | |
| serviceAccountToken: | |
| description: information about the serviceAccountToken | |
| data to project | |
| properties: | |
| audience: | |
| description: Audience is the intended audience | |
| of the token. A recipient of a token must | |
| identify itself with an identifier specified | |
| in the audience of the token, and otherwise | |
| should reject the token. The audience | |
| defaults to the identifier of the apiserver. | |
| type: string | |
| expirationSeconds: | |
| description: ExpirationSeconds is the requested | |
| duration of validity of the service account | |
| token. As the token approaches expiration, | |
| the kubelet volume plugin will proactively | |
| rotate the service account token. The | |
| kubelet will start trying to rotate the | |
| token if the token is older than 80 percent | |
| of its time to live or if the token is | |
| older than 24 hours.Defaults to 1 hour | |
| and must be at least 10 minutes. | |
| format: int64 | |
| type: integer | |
| path: | |
| description: Path is the path relative to | |
| the mount point of the file to project | |
| the token into. | |
| type: string | |
| required: | |
| - path | |
| type: object | |
| type: object | |
| type: array | |
| required: | |
| - sources | |
| type: object | |
| quobyte: | |
| description: Quobyte represents a Quobyte mount on the | |
| host that shares a pod's lifetime | |
| properties: | |
| group: | |
| description: Group to map volume access to Default | |
| is no group | |
| type: string | |
| readOnly: | |
| description: ReadOnly here will force the Quobyte | |
| volume to be mounted with read-only permissions. | |
| Defaults to false. | |
| type: boolean | |
| registry: | |
| description: Registry represents a single or multiple | |
| Quobyte Registry services specified as a string | |
| as host:port pair (multiple entries are separated | |
| with commas) which acts as the central registry | |
| for volumes | |
| type: string | |
| user: | |
| description: User to map volume access to Defaults | |
| to serivceaccount user | |
| type: string | |
| volume: | |
| description: Volume is a string that references an | |
| already created Quobyte volume by name. | |
| type: string | |
| required: | |
| - registry | |
| - volume | |
| type: object | |
| rbd: | |
| description: 'RBD represents a Rados Block Device mount | |
| on the host that shares a pod''s lifetime. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md' | |
| properties: | |
| fsType: | |
| description: 'Filesystem type of the volume that you | |
| want to mount. Tip: Ensure that the filesystem type | |
| is supported by the host operating system. Examples: | |
| "ext4", "xfs", "ntfs". Implicitly inferred to be | |
| "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd | |
| TODO: how do we prevent errors in the filesystem | |
| from compromising the machine' | |
| type: string | |
| image: | |
| description: 'The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' | |
| type: string | |
| keyring: | |
| description: 'Keyring is the path to key ring for | |
| RBDUser. Default is /etc/ceph/keyring. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' | |
| type: string | |
| monitors: | |
| description: 'A collection of Ceph monitors. More | |
| info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' | |
| items: | |
| type: string | |
| type: array | |
| pool: | |
| description: 'The rados pool name. Default is rbd. | |
| More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' | |
| type: string | |
| readOnly: | |
| description: 'ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. Defaults to false. More | |
| info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' | |
| type: boolean | |
| secretRef: | |
| description: 'SecretRef is name of the authentication | |
| secret for RBDUser. If provided overrides keyring. | |
| Default is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| type: object | |
| user: | |
| description: 'The rados user name. Default is admin. | |
| More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' | |
| type: string | |
| required: | |
| - image | |
| - monitors | |
| type: object | |
| scaleIO: | |
| description: ScaleIO represents a ScaleIO persistent volume | |
| attached and mounted on Kubernetes nodes. | |
| properties: | |
| fsType: | |
| description: Filesystem type to mount. Must be a filesystem | |
| type supported by the host operating system. Ex. | |
| "ext4", "xfs", "ntfs". Default is "xfs". | |
| type: string | |
| gateway: | |
| description: The host address of the ScaleIO API Gateway. | |
| type: string | |
| protectionDomain: | |
| description: The name of the ScaleIO Protection Domain | |
| for the configured storage. | |
| type: string | |
| readOnly: | |
| description: Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in VolumeMounts. | |
| type: boolean | |
| secretRef: | |
| description: SecretRef references to the secret for | |
| ScaleIO user and other sensitive information. If | |
| this is not provided, Login operation will fail. | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| type: object | |
| sslEnabled: | |
| description: Flag to enable/disable SSL communication | |
| with Gateway, default false | |
| type: boolean | |
| storageMode: | |
| description: Indicates whether the storage for a volume | |
| should be ThickProvisioned or ThinProvisioned. Default | |
| is ThinProvisioned. | |
| type: string | |
| storagePool: | |
| description: The ScaleIO Storage Pool associated with | |
| the protection domain. | |
| type: string | |
| system: | |
| description: The name of the storage system as configured | |
| in ScaleIO. | |
| type: string | |
| volumeName: | |
| description: The name of a volume already created | |
| in the ScaleIO system that is associated with this | |
| volume source. | |
| type: string | |
| required: | |
| - gateway | |
| - secretRef | |
| - system | |
| type: object | |
| secret: | |
| description: 'Secret represents a secret that should populate | |
| this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' | |
| properties: | |
| defaultMode: | |
| description: 'Optional: mode bits to use on created | |
| files by default. Must be a value between 0 and | |
| 0777. Defaults to 0644. Directories within the path | |
| are not affected by this setting. This might be | |
| in conflict with other options that affect the file | |
| mode, like fsGroup, and the result can be other | |
| mode bits set.' | |
| format: int32 | |
| type: integer | |
| items: | |
| description: If unspecified, each key-value pair in | |
| the Data field of the referenced Secret will be | |
| projected into the volume as a file whose name is | |
| the key and content is the value. If specified, | |
| the listed keys will be projected into the specified | |
| paths, and unlisted keys will not be present. If | |
| a key is specified which is not present in the Secret, | |
| the volume setup will error unless it is marked | |
| optional. Paths must be relative and may not contain | |
| the '..' path or start with '..'. | |
| items: | |
| description: Maps a string key to a path within | |
| a volume. | |
| properties: | |
| key: | |
| description: The key to project. | |
| type: string | |
| mode: | |
| description: 'Optional: mode bits to use on | |
| this file, must be a value between 0 and 0777. | |
| If not specified, the volume defaultMode will | |
| be used. This might be in conflict with other | |
| options that affect the file mode, like fsGroup, | |
| and the result can be other mode bits set.' | |
| format: int32 | |
| type: integer | |
| path: | |
| description: The relative path of the file to | |
| map the key to. May not be an absolute path. | |
| May not contain the path element '..'. May | |
| not start with the string '..'. | |
| type: string | |
| required: | |
| - key | |
| - path | |
| type: object | |
| type: array | |
| optional: | |
| description: Specify whether the Secret or it's keys | |
| must be defined | |
| type: boolean | |
| secretName: | |
| description: 'Name of the secret in the pod''s namespace | |
| to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' | |
| type: string | |
| type: object | |
| storageos: | |
| description: StorageOS represents a StorageOS volume attached | |
| and mounted on Kubernetes nodes. | |
| properties: | |
| fsType: | |
| description: Filesystem type to mount. Must be a filesystem | |
| type supported by the host operating system. Ex. | |
| "ext4", "xfs", "ntfs". Implicitly inferred to be | |
| "ext4" if unspecified. | |
| type: string | |
| readOnly: | |
| description: Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in VolumeMounts. | |
| type: boolean | |
| secretRef: | |
| description: SecretRef specifies the secret to use | |
| for obtaining the StorageOS API credentials. If | |
| not specified, default values will be attempted. | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| type: object | |
| volumeName: | |
| description: VolumeName is the human-readable name | |
| of the StorageOS volume. Volume names are only | |
| unique within a namespace. | |
| type: string | |
| volumeNamespace: | |
| description: VolumeNamespace specifies the scope of | |
| the volume within StorageOS. If no namespace is | |
| specified then the Pod's namespace will be used. This | |
| allows the Kubernetes name scoping to be mirrored | |
| within StorageOS for tighter integration. Set VolumeName | |
| to any name to override the default behaviour. Set | |
| to "default" if you are not using namespaces within | |
| StorageOS. Namespaces that do not pre-exist within | |
| StorageOS will be created. | |
| type: string | |
| type: object | |
| vsphereVolume: | |
| description: VsphereVolume represents a vSphere volume | |
| attached and mounted on kubelets host machine | |
| properties: | |
| fsType: | |
| description: Filesystem type to mount. Must be a filesystem | |
| type supported by the host operating system. Ex. | |
| "ext4", "xfs", "ntfs". Implicitly inferred to be | |
| "ext4" if unspecified. | |
| type: string | |
| storagePolicyID: | |
| description: Storage Policy Based Management (SPBM) | |
| profile ID associated with the StoragePolicyName. | |
| type: string | |
| storagePolicyName: | |
| description: Storage Policy Based Management (SPBM) | |
| profile name. | |
| type: string | |
| volumePath: | |
| description: Path that identifies vSphere volume vmdk | |
| type: string | |
| required: | |
| - volumePath | |
| type: object | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| required: | |
| - containers | |
| type: object | |
| provisionPolicy: | |
| description: ProvisionPolicy describes how to provision the additional | |
| capacity. | |
| properties: | |
| podsToReplace: | |
| description: PodsToReplace is a list of pods that can be excluded | |
| from simulation when reserving additional capacity. The semantics | |
| is that the pod for which this capacity request reserves capacity | |
| will replace the pods in this list. | |
| items: | |
| description: LocalObjectReference contains enough information | |
| to let you locate the referenced object inside the same | |
| namespace. | |
| properties: | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, uid?' | |
| type: string | |
| type: object | |
| type: array | |
| required: | |
| - podsToReplace | |
| type: object | |
| provisionedCapacitySelector: | |
| description: ProvisionedCapacitySelector identifies pods that this | |
| Capacity Request is related to by. This signifies that creation | |
| of a pod matching ProvisionedCapacitySelector may mean that this | |
| Capacity Request is no longer needed. Note that this field is | |
| ignored by Cluster Autoscaler and it is the responsibility of | |
| the client to delete the Capacity Request when it becomes obsolete. | |
| If the client consumes the capacity without deleting the request, | |
| the Cluster Autoscaler will attempt to fulfill the request again. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list of label selector requirements. | |
| The requirements are ANDed. | |
| items: | |
| description: A label selector requirement is a selector that | |
| contains values, a key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: key is the label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: operator represents a key's relationship | |
| to a set of values. Valid operators are In, NotIn, Exists | |
| and DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array of string values. If the | |
| operator is In or NotIn, the values array must be non-empty. | |
| If the operator is Exists or DoesNotExist, the values | |
| array must be empty. This array is replaced during a | |
| strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} pairs. A single | |
| {key,value} in the matchLabels map is equivalent to an element | |
| of matchExpressions, whose key field is "key", the operator | |
| is "In", and the values array contains only "value". The requirements | |
| are ANDed. | |
| type: object | |
| type: object | |
| required: | |
| - capacity | |
| type: object | |
| status: | |
| description: Current status of the CapacityRequest. | |
| properties: | |
| conditions: | |
| description: Conditions is a set of conditions indicating the state | |
| in which the CapacityRequest is currently in. | |
| items: | |
| description: CapacityRequestCondition indicates the state in which | |
| the CapacityRequest is currently in. | |
| properties: | |
| lastTransitionTime: | |
| description: LastTransitionTime is the last time the condition | |
| transitioned from one status to another. | |
| format: date-time | |
| type: string | |
| message: | |
| description: Message is a human-readable explanation containing | |
| details about the transition. | |
| type: string | |
| reason: | |
| description: Reason for the condition's last transition. | |
| type: string | |
| status: | |
| description: Status of the condition (True, False, Unknown). | |
| type: string | |
| type: | |
| description: Type describes the current condition. | |
| type: string | |
| required: | |
| - status | |
| - type | |
| type: object | |
| type: array | |
| lastUpdateTime: | |
| description: LastUpdateTime is the time when the status was last | |
| refreshed. | |
| format: date-time | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: CapacityRequest | |
| listKind: CapacityRequestList | |
| plural: capacityrequests | |
| shortNames: | |
| - capreq | |
| singular: capacityrequest | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:04Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:04Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1alpha1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:02Z" | |
| generation: 1 | |
| labels: | |
| io.cilium.k8s.crd.schema.version: 1.24.3 | |
| name: ciliumendpoints.cilium.io | |
| resourceVersion: "344" | |
| uid: 5c972255-8277-427e-a0ff-df43146a6ad8 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: cilium.io | |
| names: | |
| kind: CiliumEndpoint | |
| listKind: CiliumEndpointList | |
| plural: ciliumendpoints | |
| shortNames: | |
| - cep | |
| - ciliumep | |
| singular: ciliumendpoint | |
| scope: Namespaced | |
| versions: | |
| - additionalPrinterColumns: | |
| - description: Cilium endpoint id | |
| jsonPath: .status.id | |
| name: Endpoint ID | |
| type: integer | |
| - description: Cilium identity id | |
| jsonPath: .status.identity.id | |
| name: Identity ID | |
| type: integer | |
| - description: Ingress enforcement in the endpoint | |
| jsonPath: .status.policy.ingress.enforcing | |
| name: Ingress Enforcement | |
| type: boolean | |
| - description: Egress enforcement in the endpoint | |
| jsonPath: .status.policy.egress.enforcing | |
| name: Egress Enforcement | |
| type: boolean | |
| - description: Status of visibility policy in the endpoint | |
| jsonPath: .status.visibility-policy-status | |
| name: Visibility Policy | |
| type: string | |
| - description: Endpoint current state | |
| jsonPath: .status.state | |
| name: Endpoint State | |
| type: string | |
| - description: Endpoint IPv4 address | |
| jsonPath: .status.networking.addressing[0].ipv4 | |
| name: IPv4 | |
| type: string | |
| - description: Endpoint IPv6 address | |
| jsonPath: .status.networking.addressing[0].ipv6 | |
| name: IPv6 | |
| type: string | |
| name: v2 | |
| schema: | |
| openAPIV3Schema: | |
| description: CiliumEndpoint is the status of a Cilium policy rule. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| status: | |
| description: EndpointStatus is the status of a Cilium endpoint. | |
| properties: | |
| controllers: | |
| description: Controllers is the list of failing controllers for | |
| this endpoint. | |
| items: | |
| description: ControllerStatus is the status of a failing controller. | |
| properties: | |
| configuration: | |
| description: Configuration is the controller configuration | |
| properties: | |
| error-retry: | |
| description: Retry on error | |
| type: boolean | |
| error-retry-base: | |
| description: 'Base error retry back-off time Format: duration' | |
| format: int64 | |
| type: integer | |
| interval: | |
| description: 'Regular synchronization interval Format: | |
| duration' | |
| format: int64 | |
| type: integer | |
| type: object | |
| name: | |
| description: Name is the name of the controller | |
| type: string | |
| status: | |
| description: Status is the status of the controller | |
| properties: | |
| consecutive-failure-count: | |
| format: int64 | |
| type: integer | |
| failure-count: | |
| format: int64 | |
| type: integer | |
| last-failure-msg: | |
| type: string | |
| last-failure-timestamp: | |
| type: string | |
| last-success-timestamp: | |
| type: string | |
| success-count: | |
| format: int64 | |
| type: integer | |
| type: object | |
| uuid: | |
| description: UUID is the UUID of the controller | |
| type: string | |
| type: object | |
| type: array | |
| encryption: | |
| description: Encryption is the encryption configuration of the node | |
| properties: | |
| key: | |
| description: Key is the index to the key to use for encryption | |
| or 0 if encryption is disabled. | |
| type: integer | |
| type: object | |
| external-identifiers: | |
| description: ExternalIdentifiers is a set of identifiers to identify | |
| the endpoint apart from the pod name. This includes container | |
| runtime IDs. | |
| properties: | |
| container-id: | |
| description: ID assigned by container runtime | |
| type: string | |
| container-name: | |
| description: Name assigned to container | |
| type: string | |
| docker-endpoint-id: | |
| description: Docker endpoint ID | |
| type: string | |
| docker-network-id: | |
| description: Docker network ID | |
| type: string | |
| k8s-namespace: | |
| description: K8s namespace for this endpoint | |
| type: string | |
| k8s-pod-name: | |
| description: K8s pod name for this endpoint | |
| type: string | |
| pod-name: | |
| description: K8s pod for this endpoint(Deprecated, use K8sPodName | |
| and K8sNamespace instead) | |
| type: string | |
| type: object | |
| health: | |
| description: Health is the overall endpoint & subcomponent health. | |
| properties: | |
| bpf: | |
| description: bpf | |
| type: string | |
| connected: | |
| description: Is this endpoint reachable | |
| type: boolean | |
| overallHealth: | |
| description: overall health | |
| type: string | |
| policy: | |
| description: policy | |
| type: string | |
| type: object | |
| id: | |
| description: ID is the cilium-agent-local ID of the endpoint. | |
| format: int64 | |
| type: integer | |
| identity: | |
| description: Identity is the security identity associated with the | |
| endpoint | |
| properties: | |
| id: | |
| description: ID is the numeric identity of the endpoint | |
| format: int64 | |
| type: integer | |
| labels: | |
| description: Labels is the list of labels associated with the | |
| identity | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| log: | |
| description: Log is the list of the last few warning and error log | |
| entries | |
| items: | |
| description: "EndpointStatusChange Indication of a change of status | |
| \n swagger:model EndpointStatusChange" | |
| properties: | |
| code: | |
| description: 'Code indicate type of status change Enum: [ok | |
| failed]' | |
| type: string | |
| message: | |
| description: Status message | |
| type: string | |
| state: | |
| description: state | |
| type: string | |
| timestamp: | |
| description: Timestamp when status change occurred | |
| type: string | |
| type: object | |
| type: array | |
| named-ports: | |
| description: "NamedPorts List of named Layer 4 port and protocol | |
| pairs which will be used in Network Policy specs. \n swagger:model | |
| NamedPorts" | |
| items: | |
| description: "Port Layer 4 port / protocol pair \n swagger:model | |
| Port" | |
| properties: | |
| name: | |
| description: Optional layer 4 port name | |
| type: string | |
| port: | |
| description: Layer 4 port number | |
| type: integer | |
| protocol: | |
| description: 'Layer 4 protocol Enum: [TCP UDP ICMP ICMPV6 | |
| ANY]' | |
| type: string | |
| type: object | |
| type: array | |
| networking: | |
| description: Networking is the networking properties of the endpoint. | |
| properties: | |
| addressing: | |
| description: IP4/6 addresses assigned to this Endpoint | |
| items: | |
| description: AddressPair is is a par of IPv4 and/or IPv6 address. | |
| properties: | |
| ipv4: | |
| type: string | |
| ipv6: | |
| type: string | |
| type: object | |
| type: array | |
| node: | |
| description: NodeIP is the IP of the node the endpoint is running | |
| on. The IP must be reachable between nodes. | |
| type: string | |
| required: | |
| - addressing | |
| type: object | |
| policy: | |
| description: EndpointPolicy represents the endpoint's policy by | |
| listing all allowed ingress and egress identities in combination | |
| with L4 port and protocol. | |
| properties: | |
| egress: | |
| description: EndpointPolicyDirection is the list of allowed | |
| identities per direction. | |
| properties: | |
| adding: | |
| description: Deprecated | |
| items: | |
| description: IdentityTuple specifies a peer by identity, | |
| destination port and protocol. | |
| properties: | |
| dest-port: | |
| type: integer | |
| identity: | |
| format: int64 | |
| type: integer | |
| identity-labels: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| protocol: | |
| type: integer | |
| type: object | |
| type: array | |
| allowed: | |
| description: AllowedIdentityList is a list of IdentityTuples | |
| that species peers that are allowed. | |
| items: | |
| description: IdentityTuple specifies a peer by identity, | |
| destination port and protocol. | |
| properties: | |
| dest-port: | |
| type: integer | |
| identity: | |
| format: int64 | |
| type: integer | |
| identity-labels: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| protocol: | |
| type: integer | |
| type: object | |
| type: array | |
| denied: | |
| description: DenyIdentityList is a list of IdentityTuples | |
| that species peers that are denied. | |
| items: | |
| description: IdentityTuple specifies a peer by identity, | |
| destination port and protocol. | |
| properties: | |
| dest-port: | |
| type: integer | |
| identity: | |
| format: int64 | |
| type: integer | |
| identity-labels: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| protocol: | |
| type: integer | |
| type: object | |
| type: array | |
| enforcing: | |
| type: boolean | |
| removing: | |
| description: Deprecated | |
| items: | |
| description: IdentityTuple specifies a peer by identity, | |
| destination port and protocol. | |
| properties: | |
| dest-port: | |
| type: integer | |
| identity: | |
| format: int64 | |
| type: integer | |
| identity-labels: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| protocol: | |
| type: integer | |
| type: object | |
| type: array | |
| required: | |
| - enforcing | |
| type: object | |
| ingress: | |
| description: EndpointPolicyDirection is the list of allowed | |
| identities per direction. | |
| properties: | |
| adding: | |
| description: Deprecated | |
| items: | |
| description: IdentityTuple specifies a peer by identity, | |
| destination port and protocol. | |
| properties: | |
| dest-port: | |
| type: integer | |
| identity: | |
| format: int64 | |
| type: integer | |
| identity-labels: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| protocol: | |
| type: integer | |
| type: object | |
| type: array | |
| allowed: | |
| description: AllowedIdentityList is a list of IdentityTuples | |
| that species peers that are allowed. | |
| items: | |
| description: IdentityTuple specifies a peer by identity, | |
| destination port and protocol. | |
| properties: | |
| dest-port: | |
| type: integer | |
| identity: | |
| format: int64 | |
| type: integer | |
| identity-labels: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| protocol: | |
| type: integer | |
| type: object | |
| type: array | |
| denied: | |
| description: DenyIdentityList is a list of IdentityTuples | |
| that species peers that are denied. | |
| items: | |
| description: IdentityTuple specifies a peer by identity, | |
| destination port and protocol. | |
| properties: | |
| dest-port: | |
| type: integer | |
| identity: | |
| format: int64 | |
| type: integer | |
| identity-labels: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| protocol: | |
| type: integer | |
| type: object | |
| type: array | |
| enforcing: | |
| type: boolean | |
| removing: | |
| description: Deprecated | |
| items: | |
| description: IdentityTuple specifies a peer by identity, | |
| destination port and protocol. | |
| properties: | |
| dest-port: | |
| type: integer | |
| identity: | |
| format: int64 | |
| type: integer | |
| identity-labels: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| protocol: | |
| type: integer | |
| type: object | |
| type: array | |
| required: | |
| - enforcing | |
| type: object | |
| type: object | |
| state: | |
| description: State is the state of the endpoint. | |
| enum: | |
| - creating | |
| - waiting-for-identity | |
| - not-ready | |
| - waiting-to-regenerate | |
| - regenerating | |
| - restoring | |
| - ready | |
| - disconnecting | |
| - disconnected | |
| - invalid | |
| type: string | |
| visibility-policy-status: | |
| type: string | |
| type: object | |
| required: | |
| - metadata | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: {} | |
| status: | |
| acceptedNames: | |
| kind: CiliumEndpoint | |
| listKind: CiliumEndpointList | |
| plural: ciliumendpoints | |
| shortNames: | |
| - cep | |
| - ciliumep | |
| singular: ciliumendpoint | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:03Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:03Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v2 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:03Z" | |
| generation: 1 | |
| labels: | |
| io.cilium.k8s.crd.schema.version: 1.24.3 | |
| name: ciliumendpointslices.cilium.io | |
| resourceVersion: "349" | |
| uid: 0784de77-e8cf-41a9-86e1-a3fa113f1e44 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: cilium.io | |
| names: | |
| kind: CiliumEndpointSlice | |
| listKind: CiliumEndpointSliceList | |
| plural: ciliumendpointslices | |
| shortNames: | |
| - ces | |
| singular: ciliumendpointslice | |
| scope: Cluster | |
| versions: | |
| - name: v2alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: CiliumEndpointSlice contains a group of CoreCiliumendpoints. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| endpoints: | |
| description: Endpoints is a list of coreCEPs packed in a CiliumEndpointSlice | |
| items: | |
| description: CoreCiliumEndpoint is slim version of status of CiliumEndpoint. | |
| properties: | |
| encryption: | |
| description: EncryptionSpec defines the encryption relevant configuration | |
| of a node. | |
| properties: | |
| key: | |
| description: Key is the index to the key to use for encryption | |
| or 0 if encryption is disabled. | |
| type: integer | |
| type: object | |
| id: | |
| description: IdentityID is the numeric identity of the endpoint | |
| format: int64 | |
| type: integer | |
| name: | |
| description: Name indicate as CiliumEndpoint name. | |
| type: string | |
| named-ports: | |
| description: "NamedPorts List of named Layer 4 port and protocol | |
| pairs which will be used in Network Policy specs. \n swagger:model | |
| NamedPorts" | |
| items: | |
| description: "Port Layer 4 port / protocol pair \n swagger:model | |
| Port" | |
| properties: | |
| name: | |
| description: Optional layer 4 port name | |
| type: string | |
| port: | |
| description: Layer 4 port number | |
| type: integer | |
| protocol: | |
| description: 'Layer 4 protocol Enum: [TCP UDP ICMP ICMPV6 | |
| ANY]' | |
| type: string | |
| type: object | |
| type: array | |
| networking: | |
| description: EndpointNetworking is the addressing information | |
| of an endpoint. | |
| properties: | |
| addressing: | |
| description: IP4/6 addresses assigned to this Endpoint | |
| items: | |
| description: AddressPair is is a par of IPv4 and/or IPv6 | |
| address. | |
| properties: | |
| ipv4: | |
| type: string | |
| ipv6: | |
| type: string | |
| type: object | |
| type: array | |
| node: | |
| description: NodeIP is the IP of the node the endpoint is | |
| running on. The IP must be reachable between nodes. | |
| type: string | |
| required: | |
| - addressing | |
| type: object | |
| type: object | |
| type: array | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| namespace: | |
| description: Namespace indicate as CiliumEndpointSlice namespace. All | |
| the CiliumEndpoints within the same namespace are put together in | |
| CiliumEndpointSlice. | |
| type: string | |
| required: | |
| - endpoints | |
| - metadata | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: CiliumEndpointSlice | |
| listKind: CiliumEndpointSliceList | |
| plural: ciliumendpointslices | |
| shortNames: | |
| - ces | |
| singular: ciliumendpointslice | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:03Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:03Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v2alpha1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:02Z" | |
| generation: 1 | |
| labels: | |
| io.cilium.k8s.crd.schema.version: 1.24.3 | |
| name: ciliumexternalworkloads.cilium.io | |
| resourceVersion: "333" | |
| uid: 0f7c73fb-58a0-45ac-955e-2f8abc26a006 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: cilium.io | |
| names: | |
| kind: CiliumExternalWorkload | |
| listKind: CiliumExternalWorkloadList | |
| plural: ciliumexternalworkloads | |
| shortNames: | |
| - cew | |
| singular: ciliumexternalworkload | |
| scope: Cluster | |
| versions: | |
| - additionalPrinterColumns: | |
| - jsonPath: .status.id | |
| name: Cilium ID | |
| type: integer | |
| - jsonPath: .status.ip | |
| name: IP | |
| type: string | |
| name: v2 | |
| schema: | |
| openAPIV3Schema: | |
| description: CiliumExternalWorkload is a Kubernetes Custom Resource that | |
| contains a specification for an external workload that can join the cluster. The | |
| name of the CRD is the FQDN of the external workload, and it needs to | |
| match the name in the workload registration. The labels on the CRD object | |
| are the labels that will be used to allocate a Cilium Identity for the | |
| external workload. If 'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' | |
| labels are not explicitly specified, they will be defaulted to 'default' | |
| and <workload name>, respectively. 'io.cilium.k8s.policy.cluster' will | |
| always be defined as the name of the current cluster, which defaults to | |
| "default". | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Spec is the desired configuration of the external Cilium | |
| workload. | |
| properties: | |
| ipv4-alloc-cidr: | |
| description: IPv4AllocCIDR is the range of IPv4 addresses in the | |
| CIDR format that the external workload can use to allocate IP | |
| addresses for the tunnel device and the health endpoint. | |
| pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]|[1-2][0-9]|3[0-2])$ | |
| type: string | |
| ipv6-alloc-cidr: | |
| description: IPv6AllocCIDR is the range of IPv6 addresses in the | |
| CIDR format that the external workload can use to allocate IP | |
| addresses for the tunnel device and the health endpoint. | |
| pattern: ^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$ | |
| type: string | |
| type: object | |
| status: | |
| description: Status is the most recent status of the external Cilium | |
| workload. It is a read-only field. | |
| properties: | |
| id: | |
| description: ID is the numeric identity allocated for the external | |
| workload. | |
| format: int64 | |
| type: integer | |
| ip: | |
| description: IP is the IP address of the workload. Empty if the | |
| workload has not registered. | |
| type: string | |
| type: object | |
| required: | |
| - metadata | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: CiliumExternalWorkload | |
| listKind: CiliumExternalWorkloadList | |
| plural: ciliumexternalworkloads | |
| shortNames: | |
| - cew | |
| singular: ciliumexternalworkload | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v2 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:02Z" | |
| generation: 1 | |
| labels: | |
| io.cilium.k8s.crd.schema.version: 1.24.3 | |
| name: ciliumidentities.cilium.io | |
| resourceVersion: "336" | |
| uid: 5c9a8ab9-3871-47db-8286-b0fdb94a7d8b | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: cilium.io | |
| names: | |
| kind: CiliumIdentity | |
| listKind: CiliumIdentityList | |
| plural: ciliumidentities | |
| shortNames: | |
| - ciliumid | |
| singular: ciliumidentity | |
| scope: Cluster | |
| versions: | |
| - additionalPrinterColumns: | |
| - description: The namespace of the entity | |
| jsonPath: .metadata.labels.io\.kubernetes\.pod\.namespace | |
| name: Namespace | |
| type: string | |
| - description: The age of the identity | |
| jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| name: v2 | |
| schema: | |
| openAPIV3Schema: | |
| description: 'CiliumIdentity is a CRD that represents an identity managed | |
| by Cilium. It is intended as a backing store for identity allocation, | |
| acting as the global coordination backend, and can be used in place of | |
| a KVStore (such as etcd). The name of the CRD is the numeric identity | |
| and the labels on the CRD object are the the kubernetes sourced labels | |
| seen by cilium. This is currently the only label source possible when | |
| running under kubernetes. Non-kubernetes labels are filtered but all labels, | |
| from all sources, are places in the SecurityLabels field. These also include | |
| the source and are used to define the identity. The labels under metav1.ObjectMeta | |
| can be used when searching for CiliumIdentity instances that include particular | |
| labels. This can be done with invocations such as: kubectl get ciliumid | |
| -l ''foo=bar'' Each node using a ciliumidentity updates the status field | |
| with it''s name and a timestamp when it first allocates or uses an identity, | |
| and periodically after that. It deletes its entry when no longer using | |
| this identity. cilium-operator uses the list of nodes in status to reference | |
| count users of this identity, and to expire stale usage.' | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| security-labels: | |
| additionalProperties: | |
| type: string | |
| description: SecurityLabels is the source-of-truth set of labels for | |
| this identity. | |
| type: object | |
| required: | |
| - metadata | |
| - security-labels | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: CiliumIdentity | |
| listKind: CiliumIdentityList | |
| plural: ciliumidentities | |
| shortNames: | |
| - ciliumid | |
| singular: ciliumidentity | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v2 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:03Z" | |
| generation: 1 | |
| labels: | |
| io.cilium.k8s.crd.schema.version: 1.24.3 | |
| name: ciliumlocalredirectpolicies.cilium.io | |
| resourceVersion: "353" | |
| uid: 573fdd63-abb4-4ca8-9120-fb0d3b7a5340 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: cilium.io | |
| names: | |
| kind: CiliumLocalRedirectPolicy | |
| listKind: CiliumLocalRedirectPolicyList | |
| plural: ciliumlocalredirectpolicies | |
| shortNames: | |
| - clrp | |
| singular: ciliumlocalredirectpolicy | |
| scope: Namespaced | |
| versions: | |
| - additionalPrinterColumns: | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| name: v2 | |
| schema: | |
| openAPIV3Schema: | |
| description: CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that | |
| contains a specification to redirect traffic locally within a node. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Spec is the desired behavior of the local redirect policy. | |
| properties: | |
| description: | |
| description: Description can be used by the creator of the policy | |
| to describe the purpose of this policy. | |
| type: string | |
| redirectBackend: | |
| description: RedirectBackend specifies backend configuration to | |
| redirect traffic to. It can not be empty. | |
| properties: | |
| localEndpointSelector: | |
| description: LocalEndpointSelector selects node local pod(s) | |
| where traffic is redirected to. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list of label selector | |
| requirements. The requirements are ANDed. | |
| items: | |
| description: A label selector requirement is a selector | |
| that contains values, a key, and an operator that relates | |
| the key and values. | |
| properties: | |
| key: | |
| description: key is the label key that the selector | |
| applies to. | |
| type: string | |
| operator: | |
| description: operator represents a key's relationship | |
| to a set of values. Valid operators are In, NotIn, | |
| Exists and DoesNotExist. | |
| enum: | |
| - In | |
| - NotIn | |
| - Exists | |
| - DoesNotExist | |
| type: string | |
| values: | |
| description: values is an array of string values. | |
| If the operator is In or NotIn, the values array | |
| must be non-empty. If the operator is Exists or | |
| DoesNotExist, the values array must be empty. This | |
| array is replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| description: MatchLabelsValue represents the value from | |
| the MatchLabels {key,value} pair. | |
| maxLength: 63 | |
| pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ | |
| type: string | |
| description: matchLabels is a map of {key,value} pairs. | |
| A single {key,value} in the matchLabels map is equivalent | |
| to an element of matchExpressions, whose key field is | |
| "key", the operator is "In", and the values array contains | |
| only "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| toPorts: | |
| description: ToPorts is a list of L4 ports with protocol of | |
| node local pod(s) where traffic is redirected to. When multiple | |
| ports are specified, the ports must be named. | |
| items: | |
| description: PortInfo specifies L4 port number and name along | |
| with the transport protocol | |
| properties: | |
| name: | |
| description: Name is a port name, which must contain at | |
| least one [a-z], and may also contain [0-9] and '-' | |
| anywhere except adjacent to another '-' or in the beginning | |
| or the end. | |
| pattern: ^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$ | |
| type: string | |
| port: | |
| description: Port is an L4 port number. The string will | |
| be strictly parsed as a single uint16. | |
| pattern: ^()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$ | |
| type: string | |
| protocol: | |
| description: 'Protocol is the L4 protocol. Accepted values: | |
| "TCP", "UDP"' | |
| enum: | |
| - TCP | |
| - UDP | |
| type: string | |
| required: | |
| - port | |
| - protocol | |
| type: object | |
| type: array | |
| required: | |
| - localEndpointSelector | |
| - toPorts | |
| type: object | |
| redirectFrontend: | |
| description: RedirectFrontend specifies frontend configuration to | |
| redirect traffic from. It can not be empty. | |
| oneOf: | |
| - properties: | |
| addressMatcher: {} | |
| required: | |
| - addressMatcher | |
| - properties: | |
| serviceMatcher: {} | |
| required: | |
| - serviceMatcher | |
| properties: | |
| addressMatcher: | |
| description: AddressMatcher is a tuple {IP, port, protocol} | |
| that matches traffic to be redirected. | |
| properties: | |
| ip: | |
| description: "IP is a destination ip address for traffic | |
| to be redirected. \n Example: When it is set to \"169.254.169.254\", | |
| traffic destined to \"169.254.169.254\" is redirected." | |
| pattern: ((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$)) | |
| type: string | |
| toPorts: | |
| description: "ToPorts is a list of destination L4 ports | |
| with protocol for traffic to be redirected. When multiple | |
| ports are specified, the ports must be named. \n Example: | |
| When set to Port: \"53\" and Protocol: UDP, traffic destined | |
| to port '53' with UDP protocol is redirected." | |
| items: | |
| description: PortInfo specifies L4 port number and name | |
| along with the transport protocol | |
| properties: | |
| name: | |
| description: Name is a port name, which must contain | |
| at least one [a-z], and may also contain [0-9] and | |
| '-' anywhere except adjacent to another '-' or in | |
| the beginning or the end. | |
| pattern: ^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$ | |
| type: string | |
| port: | |
| description: Port is an L4 port number. The string | |
| will be strictly parsed as a single uint16. | |
| pattern: ^()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$ | |
| type: string | |
| protocol: | |
| description: 'Protocol is the L4 protocol. Accepted | |
| values: "TCP", "UDP"' | |
| enum: | |
| - TCP | |
| - UDP | |
| type: string | |
| required: | |
| - port | |
| - protocol | |
| type: object | |
| type: array | |
| required: | |
| - ip | |
| - toPorts | |
| type: object | |
| serviceMatcher: | |
| description: ServiceMatcher specifies Kubernetes service and | |
| port that matches traffic to be redirected. | |
| properties: | |
| namespace: | |
| description: Namespace is the Kubernetes service namespace. | |
| The service namespace must match the namespace of the | |
| parent Local Redirect Policy. For Cluster-wide Local | |
| Redirect Policy, this can be any namespace. | |
| type: string | |
| serviceName: | |
| description: "Name is the name of a destination Kubernetes | |
| service that identifies traffic to be redirected. The | |
| service type needs to be ClusterIP. \n Example: When this | |
| field is populated with 'serviceName:myService', all the | |
| traffic destined to the cluster IP of this service at | |
| the (specified) service port(s) will be redirected." | |
| type: string | |
| toPorts: | |
| description: ToPorts is a list of destination service L4 | |
| ports with protocol for traffic to be redirected. If not | |
| specified, traffic for all the service ports will be redirected. | |
| When multiple ports are specified, the ports must be named. | |
| items: | |
| description: PortInfo specifies L4 port number and name | |
| along with the transport protocol | |
| properties: | |
| name: | |
| description: Name is a port name, which must contain | |
| at least one [a-z], and may also contain [0-9] and | |
| '-' anywhere except adjacent to another '-' or in | |
| the beginning or the end. | |
| pattern: ^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$ | |
| type: string | |
| port: | |
| description: Port is an L4 port number. The string | |
| will be strictly parsed as a single uint16. | |
| pattern: ^()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$ | |
| type: string | |
| protocol: | |
| description: 'Protocol is the L4 protocol. Accepted | |
| values: "TCP", "UDP"' | |
| enum: | |
| - TCP | |
| - UDP | |
| type: string | |
| required: | |
| - port | |
| - protocol | |
| type: object | |
| type: array | |
| required: | |
| - namespace | |
| - serviceName | |
| type: object | |
| type: object | |
| required: | |
| - redirectBackend | |
| - redirectFrontend | |
| type: object | |
| status: | |
| description: Status is the most recent status of the local redirect | |
| policy. It is a read-only field. | |
| properties: | |
| ok: | |
| description: TODO Define status(aditi) | |
| type: object | |
| type: object | |
| required: | |
| - metadata | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: {} | |
| status: | |
| acceptedNames: | |
| kind: CiliumLocalRedirectPolicy | |
| listKind: CiliumLocalRedirectPolicyList | |
| plural: ciliumlocalredirectpolicies | |
| shortNames: | |
| - clrp | |
| singular: ciliumlocalredirectpolicy | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:03Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:03Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v2 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:02Z" | |
| generation: 1 | |
| labels: | |
| io.cilium.k8s.crd.schema.version: 1.24.3 | |
| name: ciliumnodes.cilium.io | |
| resourceVersion: "340" | |
| uid: 1ae38397-c20f-4980-8b97-3788f7458505 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: cilium.io | |
| names: | |
| kind: CiliumNode | |
| listKind: CiliumNodeList | |
| plural: ciliumnodes | |
| shortNames: | |
| - cn | |
| - ciliumn | |
| singular: ciliumnode | |
| scope: Cluster | |
| versions: | |
| - name: v2 | |
| schema: | |
| openAPIV3Schema: | |
| description: CiliumNode represents a node managed by Cilium. It contains | |
| a specification to control various node specific configuration aspects | |
| and a status section to represent the status of the node. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Spec defines the desired specification/configuration of | |
| the node. | |
| properties: | |
| addresses: | |
| description: Addresses is the list of all node addresses. | |
| items: | |
| description: NodeAddress is a node address. | |
| properties: | |
| ip: | |
| description: IP is an IP of a node | |
| type: string | |
| type: | |
| description: Type is the type of the node address | |
| type: string | |
| type: object | |
| type: array | |
| alibaba-cloud: | |
| description: AlibabaCloud is the AlibabaCloud IPAM specific configuration. | |
| properties: | |
| availability-zone: | |
| description: AvailabilityZone is the availability zone to use | |
| when allocating ENIs. | |
| type: string | |
| cidr-block: | |
| description: CIDRBlock is vpc ipv4 CIDR | |
| type: string | |
| instance-type: | |
| description: InstanceType is the ECS instance type, e.g. "ecs.g6.2xlarge" | |
| type: string | |
| security-group-tags: | |
| additionalProperties: | |
| type: string | |
| description: SecurityGroupTags is the list of tags to use when | |
| evaluating which security groups to use for the ENI. | |
| type: object | |
| security-groups: | |
| description: SecurityGroups is the list of security groups to | |
| attach to any ENI that is created and attached to the instance. | |
| items: | |
| type: string | |
| type: array | |
| vpc-id: | |
| description: VPCID is the VPC ID to use when allocating ENIs. | |
| type: string | |
| vswitch-tags: | |
| additionalProperties: | |
| type: string | |
| description: VSwitchTags is the list of tags to use when evaluating | |
| which vSwitch to use for the ENI. | |
| type: object | |
| vswitches: | |
| description: VSwitches is the ID of vSwitch available for ENI | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| azure: | |
| description: Azure is the Azure IPAM specific configuration. | |
| properties: | |
| interface-name: | |
| description: InterfaceName is the name of the interface the | |
| cilium-operator will use to allocate all the IPs on | |
| type: string | |
| type: object | |
| encryption: | |
| description: Encryption is the encryption configuration of the node. | |
| properties: | |
| key: | |
| description: Key is the index to the key to use for encryption | |
| or 0 if encryption is disabled. | |
| type: integer | |
| type: object | |
| eni: | |
| description: ENI is the AWS ENI specific configuration. | |
| properties: | |
| availability-zone: | |
| description: AvailabilityZone is the availability zone to use | |
| when allocating ENIs. | |
| type: string | |
| delete-on-termination: | |
| description: DeleteOnTermination defines that the ENI should | |
| be deleted when the associated instance is terminated. If | |
| the parameter is not set the default behavior is to delete | |
| the ENI on instance termination. | |
| type: boolean | |
| first-interface-index: | |
| description: FirstInterfaceIndex is the index of the first ENI | |
| to use for IP allocation, e.g. if the node has eth0, eth1, | |
| eth2 and FirstInterfaceIndex is set to 1, then only eth1 and | |
| eth2 will be used for IP allocation, eth0 will be ignored | |
| for PodIP allocation. | |
| minimum: 0 | |
| type: integer | |
| instance-id: | |
| description: "InstanceID is the AWS InstanceId of the node. | |
| The InstanceID is used to retrieve AWS metadata for the node. | |
| \n OBSOLETE: This field is obsolete, please use Spec.InstanceID" | |
| type: string | |
| instance-type: | |
| description: InstanceType is the AWS EC2 instance type, e.g. | |
| "m5.large" | |
| type: string | |
| max-above-watermark: | |
| description: "MaxAboveWatermark is the maximum number of addresses | |
| to allocate beyond the addresses needed to reach the PreAllocate | |
| watermark. Going above the watermark can help reduce the number | |
| of API calls to allocate IPs, e.g. when a new ENI is allocated, | |
| as many secondary IPs as possible are allocated. Limiting | |
| the amount can help reduce waste of IPs. \n OBSOLETE: This | |
| field is obsolete, please use Spec.IPAM.MaxAboveWatermark" | |
| minimum: 0 | |
| type: integer | |
| min-allocate: | |
| description: "MinAllocate is the minimum number of IPs that | |
| must be allocated when the node is first bootstrapped. It | |
| defines the minimum base socket of addresses that must be | |
| available. After reaching this watermark, the PreAllocate | |
| and MaxAboveWatermark logic takes over to continue allocating | |
| IPs. \n OBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate" | |
| minimum: 0 | |
| type: integer | |
| pre-allocate: | |
| description: "PreAllocate defines the number of IP addresses | |
| that must be available for allocation in the IPAMspec. It | |
| defines the buffer of addresses available immediately without | |
| requiring cilium-operator to get involved. \n OBSOLETE: This | |
| field is obsolete, please use Spec.IPAM.PreAllocate" | |
| minimum: 0 | |
| type: integer | |
| security-group-tags: | |
| additionalProperties: | |
| type: string | |
| description: SecurityGroupTags is the list of tags to use when | |
| evaliating what AWS security groups to use for the ENI. | |
| type: object | |
| security-groups: | |
| description: SecurityGroups is the list of security groups to | |
| attach to any ENI that is created and attached to the instance. | |
| items: | |
| type: string | |
| type: array | |
| subnet-ids: | |
| description: SubnetIDs is the list of subnet ids to use when | |
| evaluating what AWS subnets to use for ENI and IP allocation. | |
| items: | |
| type: string | |
| type: array | |
| subnet-tags: | |
| additionalProperties: | |
| type: string | |
| description: SubnetTags is the list of tags to use when evaluating | |
| what AWS subnets to use for ENI and IP allocation. | |
| type: object | |
| vpc-id: | |
| description: VpcID is the VPC ID to use when allocating ENIs. | |
| type: string | |
| type: object | |
| health: | |
| description: HealthAddressing is the addressing information for | |
| health connectivity checking. | |
| properties: | |
| ipv4: | |
| description: IPv4 is the IPv4 address of the IPv4 health endpoint. | |
| type: string | |
| ipv6: | |
| description: IPv6 is the IPv6 address of the IPv4 health endpoint. | |
| type: string | |
| type: object | |
| instance-id: | |
| description: InstanceID is the identifier of the node. This is different | |
| from the node name which is typically the FQDN of the node. The | |
| InstanceID typically refers to the identifier used by the cloud | |
| provider or some other means of identification. | |
| type: string | |
| ipam: | |
| description: IPAM is the address management specification. This | |
| section can be populated by a user or it can be automatically | |
| populated by an IPAM operator. | |
| properties: | |
| max-above-watermark: | |
| description: MaxAboveWatermark is the maximum number of addresses | |
| to allocate beyond the addresses needed to reach the PreAllocate | |
| watermark. Going above the watermark can help reduce the number | |
| of API calls to allocate IPs, e.g. when a new ENI is allocated, | |
| as many secondary IPs as possible are allocated. Limiting | |
| the amount can help reduce waste of IPs. | |
| minimum: 0 | |
| type: integer | |
| max-allocate: | |
| description: MaxAllocate is the maximum number of IPs that can | |
| be allocated to the node. When the current amount of allocated | |
| IPs will approach this value, the considered value for PreAllocate | |
| will decrease down to 0 in order to not attempt to allocate | |
| more addresses than defined. | |
| minimum: 0 | |
| type: integer | |
| min-allocate: | |
| description: MinAllocate is the minimum number of IPs that must | |
| be allocated when the node is first bootstrapped. It defines | |
| the minimum base socket of addresses that must be available. | |
| After reaching this watermark, the PreAllocate and MaxAboveWatermark | |
| logic takes over to continue allocating IPs. | |
| minimum: 0 | |
| type: integer | |
| podCIDRs: | |
| description: PodCIDRs is the list of CIDRs available to the | |
| node for allocation. When an IP is used, the IP will be added | |
| to Status.IPAM.Used | |
| items: | |
| type: string | |
| type: array | |
| pool: | |
| additionalProperties: | |
| description: AllocationIP is an IP which is available for | |
| allocation, or already has been allocated | |
| properties: | |
| owner: | |
| description: "Owner is the owner of the IP. This field | |
| is set if the IP has been allocated. It will be set | |
| to the pod name or another identifier representing the | |
| usage of the IP \n The owner field is left blank for | |
| an entry in Spec.IPAM.Pool and filled out as the IP | |
| is used and also added to Status.IPAM.Used." | |
| type: string | |
| resource: | |
| description: Resource is set for both available and allocated | |
| IPs, it represents what resource the IP is associated | |
| with, e.g. in combination with AWS ENI, this will refer | |
| to the ID of the ENI | |
| type: string | |
| type: object | |
| description: Pool is the list of IPs available to the node for | |
| allocation. When an IP is used, the IP will remain on this | |
| list but will be added to Status.IPAM.Used | |
| type: object | |
| pre-allocate: | |
| description: PreAllocate defines the number of IP addresses | |
| that must be available for allocation in the IPAMspec. It | |
| defines the buffer of addresses available immediately without | |
| requiring cilium-operator to get involved. | |
| minimum: 0 | |
| type: integer | |
| type: object | |
| nodeidentity: | |
| description: NodeIdentity is the Cilium numeric identity allocated | |
| for the node, if any. | |
| format: int64 | |
| type: integer | |
| type: object | |
| status: | |
| description: Status defines the realized specification/configuration | |
| and status of the node. | |
| properties: | |
| alibaba-cloud: | |
| description: AlibabaCloud is the AlibabaCloud specific status of | |
| the node. | |
| properties: | |
| enis: | |
| additionalProperties: | |
| description: ENI represents an AlibabaCloud Elastic Network | |
| Interface | |
| properties: | |
| instance-id: | |
| description: InstanceID is the InstanceID using this ENI | |
| type: string | |
| mac-address: | |
| description: MACAddress is the mac address of the ENI | |
| type: string | |
| network-interface-id: | |
| description: NetworkInterfaceID is the ENI id | |
| type: string | |
| primary-ip-address: | |
| description: PrimaryIPAddress is the primary IP on ENI | |
| type: string | |
| private-ipsets: | |
| description: PrivateIPSets is the list of all IPs on the | |
| ENI, including PrimaryIPAddress | |
| items: | |
| description: PrivateIPSet is a nested struct in ecs | |
| response | |
| properties: | |
| primary: | |
| type: boolean | |
| private-ip-address: | |
| type: string | |
| type: object | |
| type: array | |
| security-groupids: | |
| description: SecurityGroupIDs is the security group ids | |
| used by this ENI | |
| items: | |
| type: string | |
| type: array | |
| tags: | |
| additionalProperties: | |
| type: string | |
| description: Tags is the tags on this ENI | |
| type: object | |
| type: | |
| description: Type is the ENI type Primary or Secondary | |
| type: string | |
| vpc: | |
| description: VPC is the vpc to which the ENI belongs | |
| properties: | |
| cidr: | |
| description: CIDRBlock is the VPC IPv4 CIDR | |
| type: string | |
| ipv6-cidr: | |
| description: IPv6CIDRBlock is the VPC IPv6 CIDR | |
| type: string | |
| vpc-id: | |
| description: VPCID is the vpc to which the ENI belongs | |
| type: string | |
| type: object | |
| vswitch: | |
| description: VSwitch is the vSwitch the ENI is using | |
| properties: | |
| cidr: | |
| description: CIDRBlock is the vSwitch IPv4 CIDR | |
| type: string | |
| ipv6-cidr: | |
| description: IPv6CIDRBlock is the vSwitch IPv6 CIDR | |
| type: string | |
| vswitch-id: | |
| description: VSwitchID is the vSwitch to which the | |
| ENI belongs | |
| type: string | |
| type: object | |
| zone-id: | |
| description: ZoneID is the zone to which the ENI belongs | |
| type: string | |
| type: object | |
| description: ENIs is the list of ENIs on the node | |
| type: object | |
| type: object | |
| azure: | |
| description: Azure is the Azure specific status of the node. | |
| properties: | |
| interfaces: | |
| description: Interfaces is the list of interfaces on the node | |
| items: | |
| description: AzureInterface represents an Azure Interface | |
| properties: | |
| GatewayIP: | |
| description: "GatewayIP is the interface's subnet's default | |
| route \n OBSOLETE: This field is obsolete, please use | |
| Gateway field instead." | |
| type: string | |
| addresses: | |
| description: Addresses is the list of all IPs associated | |
| with the interface, including all secondary addresses | |
| items: | |
| description: AzureAddress is an IP address assigned | |
| to an AzureInterface | |
| properties: | |
| ip: | |
| description: IP is the ip address of the address | |
| type: string | |
| state: | |
| description: State is the provisioning state of | |
| the address | |
| type: string | |
| subnet: | |
| description: Subnet is the subnet the address belongs | |
| to | |
| type: string | |
| type: object | |
| type: array | |
| cidr: | |
| description: CIDR is the range that the interface belongs | |
| to. | |
| type: string | |
| gateway: | |
| description: Gateway is the interface's subnet's default | |
| route | |
| type: string | |
| id: | |
| description: ID is the identifier | |
| type: string | |
| mac: | |
| description: MAC is the mac address | |
| type: string | |
| name: | |
| description: Name is the name of the interface | |
| type: string | |
| security-group: | |
| description: SecurityGroup is the security group associated | |
| with the interface | |
| type: string | |
| state: | |
| description: State is the provisioning state | |
| type: string | |
| type: object | |
| type: array | |
| type: object | |
| eni: | |
| description: ENI is the AWS ENI specific status of the node. | |
| properties: | |
| enis: | |
| additionalProperties: | |
| description: "ENI represents an AWS Elastic Network Interface | |
| \n More details: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html" | |
| properties: | |
| addresses: | |
| description: Addresses is the list of all secondary IPs | |
| associated with the ENI | |
| items: | |
| type: string | |
| type: array | |
| availability-zone: | |
| description: AvailabilityZone is the availability zone | |
| of the ENI | |
| type: string | |
| description: | |
| description: Description is the description field of the | |
| ENI | |
| type: string | |
| id: | |
| description: ID is the ENI ID | |
| type: string | |
| ip: | |
| description: IP is the primary IP of the ENI | |
| type: string | |
| mac: | |
| description: MAC is the mac address of the ENI | |
| type: string | |
| number: | |
| description: Number is the interface index, it used in | |
| combination with FirstInterfaceIndex | |
| type: integer | |
| security-groups: | |
| description: SecurityGroups are the security groups associated | |
| with the ENI | |
| items: | |
| type: string | |
| type: array | |
| subnet: | |
| description: Subnet is the subnet the ENI is associated | |
| with | |
| properties: | |
| cidr: | |
| description: CIDR is the CIDR range associated with | |
| the subnet | |
| type: string | |
| id: | |
| description: ID is the ID of the subnet | |
| type: string | |
| type: object | |
| vpc: | |
| description: VPC is the VPC information to which the ENI | |
| is attached to | |
| properties: | |
| cidrs: | |
| description: CIDRs is the list of CIDR ranges associated | |
| with the VPC | |
| items: | |
| type: string | |
| type: array | |
| id: | |
| description: / ID is the ID of a VPC | |
| type: string | |
| primary-cidr: | |
| description: PrimaryCIDR is the primary CIDR of the | |
| VPC | |
| type: string | |
| type: object | |
| type: object | |
| description: ENIs is the list of ENIs on the node | |
| type: object | |
| type: object | |
| ipam: | |
| description: IPAM is the IPAM status of the node. | |
| properties: | |
| operator-status: | |
| description: Operator is the Operator status of the node | |
| properties: | |
| error: | |
| description: Error is the error message set by cilium-operator. | |
| type: string | |
| type: object | |
| release-ips: | |
| additionalProperties: | |
| description: IPReleaseStatus defines the valid states in | |
| IP release handshake | |
| enum: | |
| - marked-for-release | |
| - ready-for-release | |
| - do-not-release | |
| - released | |
| type: string | |
| description: 'ReleaseIPs tracks the state for every IP considered | |
| for release. value can be one of the following string : * | |
| marked-for-release : Set by operator as possible candidate | |
| for IP * ready-for-release : Acknowledged as safe to release | |
| by agent * do-not-release : IP already in use / not owned | |
| by the node. Set by agent * released : IP successfully | |
| released. Set by operator' | |
| type: object | |
| used: | |
| additionalProperties: | |
| description: AllocationIP is an IP which is available for | |
| allocation, or already has been allocated | |
| properties: | |
| owner: | |
| description: "Owner is the owner of the IP. This field | |
| is set if the IP has been allocated. It will be set | |
| to the pod name or another identifier representing the | |
| usage of the IP \n The owner field is left blank for | |
| an entry in Spec.IPAM.Pool and filled out as the IP | |
| is used and also added to Status.IPAM.Used." | |
| type: string | |
| resource: | |
| description: Resource is set for both available and allocated | |
| IPs, it represents what resource the IP is associated | |
| with, e.g. in combination with AWS ENI, this will refer | |
| to the ID of the ENI | |
| type: string | |
| type: object | |
| description: Used lists all IPs out of Spec.IPAM.Pool which | |
| have been allocated and are in use. | |
| type: object | |
| type: object | |
| type: object | |
| required: | |
| - metadata | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: CiliumNode | |
| listKind: CiliumNodeList | |
| plural: ciliumnodes | |
| shortNames: | |
| - cn | |
| - ciliumn | |
| singular: ciliumnode | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v2 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/component-name: managed-prometheus | |
| components.gke.io/component-version: 0.3.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.7.0 | |
| creationTimestamp: "2022-11-16T06:18:26Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: clusterpodmonitorings.monitoring.googleapis.com | |
| resourceVersion: "634" | |
| uid: 8b448374-0a89-4340-9a1b-968690e9231b | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: monitoring.googleapis.com | |
| names: | |
| kind: ClusterPodMonitoring | |
| listKind: ClusterPodMonitoringList | |
| plural: clusterpodmonitorings | |
| singular: clusterpodmonitoring | |
| scope: Cluster | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: ClusterPodMonitoring defines monitoring for a set of pods. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of desired Pod selection for target discovery | |
| by Prometheus. | |
| properties: | |
| endpoints: | |
| description: The endpoints to scrape on the selected pods. | |
| items: | |
| description: ScrapeEndpoint specifies a Prometheus metrics endpoint | |
| to scrape. | |
| properties: | |
| interval: | |
| description: Interval at which to scrape metrics. Must be | |
| a valid Prometheus duration. | |
| type: string | |
| metricRelabeling: | |
| description: Relabeling rules for metrics scraped from this | |
| endpoint. Relabeling rules that override protected target | |
| labels (project_id, location, cluster, namespace, job, instance, | |
| or __address__) are not permitted. The labelmap action is | |
| not permitted in general. | |
| items: | |
| description: RelabelingRule defines a single Prometheus | |
| relabeling rule. | |
| properties: | |
| action: | |
| description: Action to perform based on regex matching. | |
| Defaults to 'replace'. | |
| type: string | |
| modulus: | |
| description: Modulus to take of the hash of the source | |
| label values. | |
| format: int64 | |
| type: integer | |
| regex: | |
| description: Regular expression against which the extracted | |
| value is matched. Defaults to '(.*)'. | |
| type: string | |
| replacement: | |
| description: Replacement value against which a regex | |
| replace is performed if the regular expression matches. | |
| Regex capture groups are available. Defaults to '$1'. | |
| type: string | |
| separator: | |
| description: Separator placed between concatenated source | |
| label values. Defaults to ';'. | |
| type: string | |
| sourceLabels: | |
| description: The source labels select values from existing | |
| labels. Their content is concatenated using the configured | |
| separator and matched against the configured regular | |
| expression for the replace, keep, and drop actions. | |
| items: | |
| type: string | |
| type: array | |
| targetLabel: | |
| description: Label to which the resulting value is written | |
| in a replace action. It is mandatory for replace actions. | |
| Regex capture groups are available. | |
| type: string | |
| type: object | |
| type: array | |
| params: | |
| additionalProperties: | |
| items: | |
| type: string | |
| type: array | |
| description: HTTP GET params to use when scraping. | |
| type: object | |
| path: | |
| description: HTTP path to scrape metrics from. Defaults to | |
| "/metrics". | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to scrape. The container | |
| metadata label is only populated if the port is referenced | |
| by name because port numbers are not unique across containers. | |
| x-kubernetes-int-or-string: true | |
| proxyUrl: | |
| description: Proxy URL to scrape through. Encoded passwords | |
| are not supported. | |
| type: string | |
| scheme: | |
| description: Protocol scheme to use to scrape. | |
| type: string | |
| timeout: | |
| description: Timeout for metrics scrapes. Must be a valid | |
| Prometheus duration. Must not be larger then the scrape | |
| interval. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| type: array | |
| limits: | |
| description: Limits to apply at scrape time. | |
| properties: | |
| labelNameLength: | |
| description: Maximum label name length. Uses Prometheus default | |
| if left unspecified. | |
| format: int64 | |
| type: integer | |
| labelValueLength: | |
| description: Maximum label value length. Uses Prometheus default | |
| if left unspecified. | |
| format: int64 | |
| type: integer | |
| labels: | |
| description: Maximum number of labels accepted for a single | |
| sample. Uses Prometheus default if left unspecified. | |
| format: int64 | |
| type: integer | |
| samples: | |
| description: Maximum number of samples accepted within a single | |
| scrape. Uses Prometheus default if left unspecified. | |
| format: int64 | |
| type: integer | |
| type: object | |
| selector: | |
| description: Label selector that specifies which pods are selected | |
| for this monitoring configuration. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list of label selector requirements. | |
| The requirements are ANDed. | |
| items: | |
| description: A label selector requirement is a selector that | |
| contains values, a key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: key is the label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: operator represents a key's relationship | |
| to a set of values. Valid operators are In, NotIn, Exists | |
| and DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array of string values. If the | |
| operator is In or NotIn, the values array must be non-empty. | |
| If the operator is Exists or DoesNotExist, the values | |
| array must be empty. This array is replaced during a | |
| strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} pairs. A single | |
| {key,value} in the matchLabels map is equivalent to an element | |
| of matchExpressions, whose key field is "key", the operator | |
| is "In", and the values array contains only "value". The requirements | |
| are ANDed. | |
| type: object | |
| type: object | |
| targetLabels: | |
| description: Labels to add to the Prometheus target for discovered | |
| endpoints. The `instance` label is always set to `<pod_name>:<port>` | |
| or `<node_name>:<port>` if the scraped pod is controlled by a | |
| DaemonSet. | |
| properties: | |
| fromPod: | |
| description: Labels to transfer from the Kubernetes Pod to Prometheus | |
| target labels. Mappings are applied in order. | |
| items: | |
| description: LabelMapping specifies how to transfer a label | |
| from a Kubernetes resource onto a Prometheus target. | |
| properties: | |
| from: | |
| description: Kubenetes resource label to remap. | |
| type: string | |
| to: | |
| description: Remapped Prometheus target label. Defaults | |
| to the same name as `From`. | |
| type: string | |
| required: | |
| - from | |
| type: object | |
| type: array | |
| metadata: | |
| description: Pod metadata labels that are set on all scraped | |
| targets. Permitted keys are `pod`, `container`, and `node` | |
| for PodMonitoring and `pod`, `container`, `node`, and `namespace` | |
| for ClusterPodMonitoring. The `container` label is only populated | |
| if the scrape port is referenced by name. Defaults to [pod, | |
| container] for PodMonitoring and [namespace, pod, container] | |
| for ClusterPodMonitoring. If set to null, it will be interpreted | |
| as the empty list for PodMonitoring and to [namespace] for | |
| ClusterPodMonitoring. This is for backwards-compatibility | |
| only. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| required: | |
| - endpoints | |
| - selector | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| properties: | |
| conditions: | |
| description: Represents the latest available observations of a podmonitor's | |
| current state. | |
| items: | |
| description: MonitoringCondition describes a condition of a PodMonitoring. | |
| properties: | |
| lastTransitionTime: | |
| description: Last time the condition transitioned from one | |
| status to another. | |
| format: date-time | |
| type: string | |
| lastUpdateTime: | |
| description: The last time this condition was updated. | |
| format: date-time | |
| type: string | |
| message: | |
| description: A human-readable message indicating details about | |
| the transition. | |
| type: string | |
| reason: | |
| description: The reason for the condition's last transition. | |
| type: string | |
| status: | |
| description: Status of the condition, one of True, False, | |
| Unknown. | |
| type: string | |
| type: | |
| description: MonitoringConditionType is the type of MonitoringCondition. | |
| type: string | |
| required: | |
| - status | |
| - type | |
| type: object | |
| type: array | |
| observedGeneration: | |
| description: The generation observed by the controller. | |
| format: int64 | |
| type: integer | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: ClusterPodMonitoring defines monitoring for a set of pods. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of desired Pod selection for target discovery | |
| by Prometheus. | |
| properties: | |
| endpoints: | |
| description: The endpoints to scrape on the selected pods. | |
| items: | |
| description: ScrapeEndpoint specifies a Prometheus metrics endpoint | |
| to scrape. | |
| properties: | |
| interval: | |
| description: Interval at which to scrape metrics. Must be | |
| a valid Prometheus duration. | |
| type: string | |
| metricRelabeling: | |
| description: Relabeling rules for metrics scraped from this | |
| endpoint. Relabeling rules that override protected target | |
| labels (project_id, location, cluster, namespace, job, instance, | |
| or __address__) are not permitted. The labelmap action is | |
| not permitted in general. | |
| items: | |
| description: RelabelingRule defines a single Prometheus | |
| relabeling rule. | |
| properties: | |
| action: | |
| description: Action to perform based on regex matching. | |
| Defaults to 'replace'. | |
| type: string | |
| modulus: | |
| description: Modulus to take of the hash of the source | |
| label values. | |
| format: int64 | |
| type: integer | |
| regex: | |
| description: Regular expression against which the extracted | |
| value is matched. Defaults to '(.*)'. | |
| type: string | |
| replacement: | |
| description: Replacement value against which a regex | |
| replace is performed if the regular expression matches. | |
| Regex capture groups are available. Defaults to '$1'. | |
| type: string | |
| separator: | |
| description: Separator placed between concatenated source | |
| label values. Defaults to ';'. | |
| type: string | |
| sourceLabels: | |
| description: The source labels select values from existing | |
| labels. Their content is concatenated using the configured | |
| separator and matched against the configured regular | |
| expression for the replace, keep, and drop actions. | |
| items: | |
| type: string | |
| type: array | |
| targetLabel: | |
| description: Label to which the resulting value is written | |
| in a replace action. It is mandatory for replace actions. | |
| Regex capture groups are available. | |
| type: string | |
| type: object | |
| type: array | |
| params: | |
| additionalProperties: | |
| items: | |
| type: string | |
| type: array | |
| description: HTTP GET params to use when scraping. | |
| type: object | |
| path: | |
| description: HTTP path to scrape metrics from. Defaults to | |
| "/metrics". | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to scrape. | |
| x-kubernetes-int-or-string: true | |
| proxyUrl: | |
| description: Proxy URL to scrape through. Encoded passwords | |
| are not supported. | |
| type: string | |
| scheme: | |
| description: Protocol scheme to use to scrape. | |
| type: string | |
| timeout: | |
| description: Timeout for metrics scrapes. Must be a valid | |
| Prometheus duration. Must not be larger then the scrape | |
| interval. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| type: array | |
| limits: | |
| description: Limits to apply at scrape time. | |
| properties: | |
| labelNameLength: | |
| description: Maximum label name length. Uses Prometheus default | |
| if left unspecified. | |
| format: int64 | |
| type: integer | |
| labelValueLength: | |
| description: Maximum label value length. Uses Prometheus default | |
| if left unspecified. | |
| format: int64 | |
| type: integer | |
| labels: | |
| description: Maximum number of labels accepted for a single | |
| sample. Uses Prometheus default if left unspecified. | |
| format: int64 | |
| type: integer | |
| samples: | |
| description: Maximum number of samples accepted within a single | |
| scrape. Uses Prometheus default if left unspecified. | |
| format: int64 | |
| type: integer | |
| type: object | |
| selector: | |
| description: Label selector that specifies which pods are selected | |
| for this monitoring configuration. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list of label selector requirements. | |
| The requirements are ANDed. | |
| items: | |
| description: A label selector requirement is a selector that | |
| contains values, a key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: key is the label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: operator represents a key's relationship | |
| to a set of values. Valid operators are In, NotIn, Exists | |
| and DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array of string values. If the | |
| operator is In or NotIn, the values array must be non-empty. | |
| If the operator is Exists or DoesNotExist, the values | |
| array must be empty. This array is replaced during a | |
| strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} pairs. A single | |
| {key,value} in the matchLabels map is equivalent to an element | |
| of matchExpressions, whose key field is "key", the operator | |
| is "In", and the values array contains only "value". The requirements | |
| are ANDed. | |
| type: object | |
| type: object | |
| targetLabels: | |
| description: Labels to add to the Prometheus target for discovered | |
| endpoints | |
| properties: | |
| fromPod: | |
| description: Labels to transfer from the Kubernetes Pod to Prometheus | |
| target labels. Mappings are applied in order. | |
| items: | |
| description: LabelMapping specifies how to transfer a label | |
| from a Kubernetes resource onto a Prometheus target. | |
| properties: | |
| from: | |
| description: Kubenetes resource label to remap. | |
| type: string | |
| to: | |
| description: Remapped Prometheus target label. Defaults | |
| to the same name as `From`. | |
| type: string | |
| required: | |
| - from | |
| type: object | |
| type: array | |
| metadata: | |
| description: Pod metadata labels that are set on all scraped | |
| targets. Permitted keys are `pod`, `container`, and `node` | |
| for PodMonitoring and `pod`, `container`, `node`, and `namespace` | |
| for ClusterPodMonitoring. Defaults to [pod, container] for | |
| PodMonitoring and [namespace, pod, container] for ClusterPodMonitoring. | |
| If set to null, it will be interpreted as the empty list for | |
| PodMonitoring and to [namespace] for ClusterPodMonitoring. | |
| This is for backwards-compatibility only. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| required: | |
| - endpoints | |
| - selector | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| properties: | |
| conditions: | |
| description: Represents the latest available observations of a podmonitor's | |
| current state. | |
| items: | |
| description: MonitoringCondition describes a condition of a PodMonitoring. | |
| properties: | |
| lastTransitionTime: | |
| description: Last time the condition transitioned from one | |
| status to another. | |
| format: date-time | |
| type: string | |
| lastUpdateTime: | |
| description: The last time this condition was updated. | |
| format: date-time | |
| type: string | |
| message: | |
| description: A human-readable message indicating details about | |
| the transition. | |
| type: string | |
| reason: | |
| description: The reason for the condition's last transition. | |
| type: string | |
| status: | |
| description: Status of the condition, one of True, False, | |
| Unknown. | |
| type: string | |
| type: | |
| description: MonitoringConditionType is the type of MonitoringCondition. | |
| type: string | |
| required: | |
| - status | |
| - type | |
| type: object | |
| type: array | |
| observedGeneration: | |
| description: The generation observed by the controller. | |
| format: int64 | |
| type: integer | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: false | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: ClusterPodMonitoring | |
| listKind: ClusterPodMonitoringList | |
| plural: clusterpodmonitorings | |
| singular: clusterpodmonitoring | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:26Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:26Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/component-name: managed-prometheus | |
| components.gke.io/component-version: 0.3.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.7.0 | |
| creationTimestamp: "2022-11-16T06:18:26Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: clusterrules.monitoring.googleapis.com | |
| resourceVersion: "642" | |
| uid: 6d0b1c16-ad3c-4ec3-bf72-e63df8db236c | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: monitoring.googleapis.com | |
| names: | |
| kind: ClusterRules | |
| listKind: ClusterRulesList | |
| plural: clusterrules | |
| singular: clusterrules | |
| scope: Cluster | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: ClusterRules defines Prometheus alerting and recording rules | |
| that are scoped to the current cluster. Only metric data from the current | |
| cluster is processed and all rule results have their project_id and cluster | |
| label preserved for query processing. If the location label is not preserved | |
| by the rule, it defaults to the cluster's location. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of rules to record and alert on. | |
| properties: | |
| groups: | |
| description: A list of Prometheus rule groups. | |
| items: | |
| description: 'RuleGroup declares rules in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| interval: | |
| description: The interval at which to evaluate the rules. | |
| Must be a valid Prometheus duration. | |
| type: string | |
| name: | |
| description: The name of the rule group. | |
| type: string | |
| rules: | |
| description: A list of rules that are executed sequentially | |
| as part of this group. | |
| items: | |
| description: 'Rule is a single rule in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| alert: | |
| description: Name of the alert to evaluate the expression | |
| as. Only one of `record` and `alert` must be set. | |
| type: string | |
| annotations: | |
| additionalProperties: | |
| type: string | |
| description: A set of annotations to attach to alerts | |
| produced by the query expression. Only valid if `alert` | |
| is set. | |
| type: object | |
| expr: | |
| description: The PromQL expression to evaluate. | |
| type: string | |
| for: | |
| description: The duration to wait before a firing alert | |
| produced by this rule is sent to Alertmanager. Only | |
| valid if `alert` is set. | |
| type: string | |
| labels: | |
| additionalProperties: | |
| type: string | |
| description: A set of labels to attach to the result | |
| of the query expression. | |
| type: object | |
| record: | |
| description: Record the result of the expression to | |
| this metric name. Only one of `record` and `alert` | |
| must be set. | |
| type: string | |
| required: | |
| - expr | |
| type: object | |
| type: array | |
| required: | |
| - interval | |
| - name | |
| - rules | |
| type: object | |
| type: array | |
| required: | |
| - groups | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: ClusterRules defines Prometheus alerting and recording rules | |
| that are scoped to the current cluster. Only metric data from the current | |
| cluster is processed and all rule results have their project_id and cluster | |
| label preserved for query processing. If the location label is not preserved | |
| by the rule, it defaults to the cluster's location. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of rules to record and alert on. | |
| properties: | |
| groups: | |
| description: A list of Prometheus rule groups. | |
| items: | |
| description: 'RuleGroup declares rules in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| interval: | |
| description: The interval at which to evaluate the rules. | |
| Must be a valid Prometheus duration. | |
| type: string | |
| name: | |
| description: The name of the rule group. | |
| type: string | |
| rules: | |
| description: A list of rules that are executed sequentially | |
| as part of this group. | |
| items: | |
| description: 'Rule is a single rule in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| alert: | |
| description: Name of the alert to evaluate the expression | |
| as. Only one of `record` and `alert` must be set. | |
| type: string | |
| annotations: | |
| additionalProperties: | |
| type: string | |
| description: A set of annotations to attach to alerts | |
| produced by the query expression. Only valid if `alert` | |
| is set. | |
| type: object | |
| expr: | |
| description: The PromQL expression to evaluate. | |
| type: string | |
| for: | |
| description: The duration to wait before a firing alert | |
| produced by this rule is sent to Alertmanager. Only | |
| valid if `alert` is set. | |
| type: string | |
| labels: | |
| additionalProperties: | |
| type: string | |
| description: A set of labels to attach to the result | |
| of the query expression. | |
| type: object | |
| record: | |
| description: Record the result of the expression to | |
| this metric name. Only one of `record` and `alert` | |
| must be set. | |
| type: string | |
| required: | |
| - expr | |
| type: object | |
| type: array | |
| required: | |
| - interval | |
| - name | |
| - rules | |
| type: object | |
| type: array | |
| required: | |
| - groups | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: false | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: ClusterRules | |
| listKind: ClusterRulesList | |
| plural: clusterrules | |
| singular: clusterrules | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:26Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:26Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:21:49Z" | |
| generation: 1 | |
| name: egressnatpolicies.networking.gke.io | |
| resourceVersion: "3496" | |
| uid: 8c82266c-92d4-493a-b54e-b4eb48b4f2bb | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: networking.gke.io | |
| names: | |
| kind: EgressNATPolicy | |
| listKind: EgressNATPolicyList | |
| plural: egressnatpolicies | |
| singular: egressnatpolicy | |
| scope: Cluster | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: EgressNATPolicy is the Schema for the egressnatpolicies API. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: EgressNATPolicySpec defines the desired state of EgressNATPolicy. | |
| properties: | |
| action: | |
| default: "" | |
| description: The action to apply to selected egress traffic. | |
| type: string | |
| destinations: | |
| description: Destinations represents the rules of destination IP | |
| filtering for the EgressNATPolicy. If the destination IP matches | |
| any one rule, it will be selected. | |
| items: | |
| description: DestinationRule represents a destination IP filter | |
| for the EgressNATPolicy. | |
| properties: | |
| cidr: | |
| description: One of the following should be set. Clients which | |
| observe no value here will ignore this rule. | |
| type: string | |
| type: object | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| required: | |
| - destinations | |
| - action | |
| type: object | |
| status: | |
| description: EgressNATPolicyStatus defines the observed state of EgressNATPolicy. | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: EgressNATPolicy | |
| listKind: EgressNATPolicyList | |
| plural: egressnatpolicies | |
| singular: egressnatpolicy | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:21:49Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:21:49Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:37Z" | |
| generation: 1 | |
| name: frontendconfigs.networking.gke.io | |
| resourceVersion: "819" | |
| uid: 32f54583-b6ed-47cd-a0eb-2f75910ab03a | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: networking.gke.io | |
| names: | |
| kind: FrontendConfig | |
| listKind: FrontendConfigList | |
| plural: frontendconfigs | |
| singular: frontendconfig | |
| scope: Namespaced | |
| versions: | |
| - name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: FrontendConfigSpec is the spec for a FrontendConfig resource | |
| properties: | |
| redirectToHttps: | |
| description: HttpsRedirectConfig representing the configuration | |
| of Https redirects | |
| properties: | |
| enabled: | |
| default: false | |
| type: boolean | |
| responseCodeName: | |
| description: String representing the HTTP response code Options | |
| are MOVED_PERMANENTLY_DEFAULT, FOUND, TEMPORARY_REDIRECT, | |
| or PERMANENT_REDIRECT | |
| type: string | |
| required: | |
| - enabled | |
| type: object | |
| sslPolicy: | |
| type: string | |
| type: object | |
| status: | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: FrontendConfig | |
| listKind: FrontendConfigList | |
| plural: frontendconfigs | |
| singular: frontendconfig | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:37Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:37Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1beta1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/component-name: managed-prometheus | |
| components.gke.io/component-version: 0.3.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.7.0 | |
| creationTimestamp: "2022-11-16T06:18:26Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: globalrules.monitoring.googleapis.com | |
| resourceVersion: "648" | |
| uid: 2b1e8d75-c77f-4b58-8663-8d2afad1b3cc | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: monitoring.googleapis.com | |
| names: | |
| kind: GlobalRules | |
| listKind: GlobalRulesList | |
| plural: globalrules | |
| singular: globalrules | |
| scope: Cluster | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: GlobalRules defines Prometheus alerting and recording rules | |
| that are scoped to all data in the queried project. If the project_id | |
| or location labels are not preserved by the rule, they default to the | |
| values of the cluster. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of rules to record and alert on. | |
| properties: | |
| groups: | |
| description: A list of Prometheus rule groups. | |
| items: | |
| description: 'RuleGroup declares rules in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| interval: | |
| description: The interval at which to evaluate the rules. | |
| Must be a valid Prometheus duration. | |
| type: string | |
| name: | |
| description: The name of the rule group. | |
| type: string | |
| rules: | |
| description: A list of rules that are executed sequentially | |
| as part of this group. | |
| items: | |
| description: 'Rule is a single rule in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| alert: | |
| description: Name of the alert to evaluate the expression | |
| as. Only one of `record` and `alert` must be set. | |
| type: string | |
| annotations: | |
| additionalProperties: | |
| type: string | |
| description: A set of annotations to attach to alerts | |
| produced by the query expression. Only valid if `alert` | |
| is set. | |
| type: object | |
| expr: | |
| description: The PromQL expression to evaluate. | |
| type: string | |
| for: | |
| description: The duration to wait before a firing alert | |
| produced by this rule is sent to Alertmanager. Only | |
| valid if `alert` is set. | |
| type: string | |
| labels: | |
| additionalProperties: | |
| type: string | |
| description: A set of labels to attach to the result | |
| of the query expression. | |
| type: object | |
| record: | |
| description: Record the result of the expression to | |
| this metric name. Only one of `record` and `alert` | |
| must be set. | |
| type: string | |
| required: | |
| - expr | |
| type: object | |
| type: array | |
| required: | |
| - interval | |
| - name | |
| - rules | |
| type: object | |
| type: array | |
| required: | |
| - groups | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: GlobalRules defines Prometheus alerting and recording rules | |
| that are scoped to all data in the queried project. If the project_id | |
| or location labels are not preserved by the rule, they default to the | |
| values of the cluster. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of rules to record and alert on. | |
| properties: | |
| groups: | |
| description: A list of Prometheus rule groups. | |
| items: | |
| description: 'RuleGroup declares rules in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| interval: | |
| description: The interval at which to evaluate the rules. | |
| Must be a valid Prometheus duration. | |
| type: string | |
| name: | |
| description: The name of the rule group. | |
| type: string | |
| rules: | |
| description: A list of rules that are executed sequentially | |
| as part of this group. | |
| items: | |
| description: 'Rule is a single rule in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| alert: | |
| description: Name of the alert to evaluate the expression | |
| as. Only one of `record` and `alert` must be set. | |
| type: string | |
| annotations: | |
| additionalProperties: | |
| type: string | |
| description: A set of annotations to attach to alerts | |
| produced by the query expression. Only valid if `alert` | |
| is set. | |
| type: object | |
| expr: | |
| description: The PromQL expression to evaluate. | |
| type: string | |
| for: | |
| description: The duration to wait before a firing alert | |
| produced by this rule is sent to Alertmanager. Only | |
| valid if `alert` is set. | |
| type: string | |
| labels: | |
| additionalProperties: | |
| type: string | |
| description: A set of labels to attach to the result | |
| of the query expression. | |
| type: object | |
| record: | |
| description: Record the result of the expression to | |
| this metric name. Only one of `record` and `alert` | |
| must be set. | |
| type: string | |
| required: | |
| - expr | |
| type: object | |
| type: array | |
| required: | |
| - interval | |
| - name | |
| - rules | |
| type: object | |
| type: array | |
| required: | |
| - groups | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: false | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: GlobalRules | |
| listKind: GlobalRulesList | |
| plural: globalrules | |
| singular: globalrules | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:26Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:26Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/component-name: managedcertificates | |
| components.gke.io/component-version: 2.3.1 | |
| components.gke.io/layer: addon | |
| creationTimestamp: "2022-11-16T06:18:34Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: managedcertificates.networking.gke.io | |
| resourceVersion: "766" | |
| uid: 65dbced2-cc8c-45a2-ae29-3ccf42848404 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: networking.gke.io | |
| names: | |
| kind: ManagedCertificate | |
| listKind: ManagedCertificateList | |
| plural: managedcertificates | |
| shortNames: | |
| - mcrt | |
| singular: managedcertificate | |
| scope: Namespaced | |
| versions: | |
| - deprecated: true | |
| deprecationWarning: networking.gke.io/v1beta1 ManagedCertificate is deprecated; | |
| please migrate to networking.gke.io/v1 ManagedCertificate | |
| name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| spec: | |
| properties: | |
| domains: | |
| items: | |
| maxLength: 63 | |
| pattern: ^(([a-z0-9]+|[a-z0-9][-a-z0-9]*[a-z0-9])\.)+[a-z][-a-z0-9]*[a-z0-9]$ | |
| type: string | |
| maxItems: 1 | |
| type: array | |
| type: object | |
| status: | |
| properties: | |
| certificateName: | |
| type: string | |
| certificateStatus: | |
| type: string | |
| domainStatus: | |
| items: | |
| properties: | |
| domain: | |
| type: string | |
| status: | |
| type: string | |
| required: | |
| - domain | |
| - status | |
| type: object | |
| type: array | |
| expireTime: | |
| format: date-time | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: false | |
| - deprecated: true | |
| deprecationWarning: networking.gke.io/v1beta2 ManagedCertificate is deprecated; | |
| please migrate to networking.gke.io/v1 ManagedCertificate | |
| name: v1beta2 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| spec: | |
| properties: | |
| domains: | |
| items: | |
| maxLength: 63 | |
| pattern: ^(([a-z0-9]+|[a-z0-9][-a-z0-9]*[a-z0-9])\.)+[a-z][-a-z0-9]*[a-z0-9]$ | |
| type: string | |
| maxItems: 100 | |
| type: array | |
| type: object | |
| status: | |
| properties: | |
| certificateName: | |
| type: string | |
| certificateStatus: | |
| type: string | |
| domainStatus: | |
| items: | |
| properties: | |
| domain: | |
| type: string | |
| status: | |
| type: string | |
| required: | |
| - domain | |
| - status | |
| type: object | |
| type: array | |
| expireTime: | |
| format: date-time | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: false | |
| - additionalPrinterColumns: | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| - description: Status of the managed certificate | |
| jsonPath: .status.certificateStatus | |
| name: Status | |
| type: string | |
| name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| spec: | |
| properties: | |
| domains: | |
| items: | |
| maxLength: 63 | |
| pattern: ^(([a-z0-9]+|[a-z0-9][-a-z0-9]*[a-z0-9])\.)+[a-z][-a-z0-9]*[a-z0-9]$ | |
| type: string | |
| maxItems: 100 | |
| type: array | |
| type: object | |
| status: | |
| properties: | |
| certificateName: | |
| type: string | |
| certificateStatus: | |
| type: string | |
| domainStatus: | |
| items: | |
| properties: | |
| domain: | |
| type: string | |
| status: | |
| type: string | |
| required: | |
| - domain | |
| - status | |
| type: object | |
| type: array | |
| expireTime: | |
| format: date-time | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: ManagedCertificate | |
| listKind: ManagedCertificateList | |
| plural: managedcertificates | |
| shortNames: | |
| - mcrt | |
| singular: managedcertificate | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:34Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:34Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| bundling-component: gke-common-webhooks | |
| components.gke.io/layer: addon | |
| creationTimestamp: "2022-11-16T06:18:14Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: EnsureExists | |
| hub.gke.io/system: "true" | |
| name: memberships.hub.gke.io | |
| resourceVersion: "469" | |
| uid: f6101515-f242-44b5-a6ac-edbf6dec427f | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: hub.gke.io | |
| names: | |
| kind: Membership | |
| listKind: MembershipList | |
| plural: memberships | |
| singular: membership | |
| scope: Cluster | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| metadata: | |
| properties: | |
| name: | |
| pattern: ^(membership|test-.*)$ | |
| type: string | |
| type: object | |
| spec: | |
| properties: | |
| identity_provider: | |
| description: Name of the Identity Provider corresponding to this | |
| Membership. This is useful for workloads running in this cluster | |
| to use Workload Identity. | |
| type: string | |
| owner: | |
| properties: | |
| id: | |
| description: Fully qualified name of the GCP resource that owns | |
| the cluster. Should be immutable. | |
| type: string | |
| type: object | |
| workload_identity_pool: | |
| description: Name of the Workload Identity Pool that this Membership | |
| is part of. This will be of the form proj-id.svc.id.goog. This | |
| is useful for workloads running in this cluster to use Workload | |
| Identity. | |
| type: string | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| - name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| metadata: | |
| properties: | |
| name: | |
| pattern: ^(membership|test-.*)$ | |
| type: string | |
| type: object | |
| spec: | |
| properties: | |
| identity_provider: | |
| description: Name of the Identity Provider corresponding to this | |
| Membership. This is useful for workloads running in this cluster | |
| to use Workload Identity. | |
| type: string | |
| owner: | |
| properties: | |
| id: | |
| description: Fully qualified name of the GCP resource that owns | |
| the cluster. Should be immutable. | |
| type: string | |
| type: object | |
| workload_identity_pool: | |
| description: Name of the Workload Identity Pool that this Membership | |
| is part of. This will be of the form proj-id.svc.id.goog. This | |
| is useful for workloads running in this cluster to use Workload | |
| Identity. | |
| type: string | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: false | |
| storage: false | |
| status: | |
| acceptedNames: | |
| kind: Membership | |
| listKind: MembershipList | |
| plural: memberships | |
| singular: membership | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:14Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:14Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/layer: addon | |
| creationTimestamp: "2022-11-16T06:19:01Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: multidimpodautoscalers.autoscaling.gke.io | |
| resourceVersion: "1196" | |
| uid: e048274b-8b36-45c5-80ab-7682f18ed8b9 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: autoscaling.gke.io | |
| names: | |
| kind: MultidimPodAutoscaler | |
| listKind: MultidimPodAutoscalerList | |
| plural: multidimpodautoscalers | |
| shortNames: | |
| - mpa | |
| singular: multidimpodautoscaler | |
| scope: Namespaced | |
| versions: | |
| - name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| spec: | |
| properties: | |
| constraints: | |
| properties: | |
| container: | |
| items: | |
| properties: | |
| name: | |
| type: string | |
| requests: | |
| properties: | |
| maxAllowed: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| minAllowed: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| type: object | |
| type: object | |
| type: array | |
| containerControlledResources: | |
| items: | |
| enum: | |
| - memory | |
| type: string | |
| type: array | |
| global: | |
| properties: | |
| maxReplicas: | |
| minimum: 0 | |
| type: integer | |
| minReplicas: | |
| default: 1 | |
| minimum: 0 | |
| type: integer | |
| requests: | |
| properties: | |
| maxAllowed: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| minAllowed: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| type: object | |
| type: object | |
| pod: | |
| properties: | |
| requests: | |
| properties: | |
| maxAllowed: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| minAllowed: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| type: object | |
| type: object | |
| required: | |
| - containerControlledResources | |
| type: object | |
| goals: | |
| properties: | |
| metrics: | |
| items: | |
| properties: | |
| resource: | |
| properties: | |
| name: | |
| enum: | |
| - cpu | |
| type: string | |
| target: | |
| properties: | |
| averageUtilization: | |
| maximum: 100 | |
| minimum: 0 | |
| type: integer | |
| averageValue: | |
| x-kubernetes-int-or-string: true | |
| type: | |
| enum: | |
| - Utilization | |
| - Value | |
| - AverageValue | |
| type: string | |
| value: | |
| x-kubernetes-int-or-string: true | |
| type: object | |
| required: | |
| - name | |
| - target | |
| type: object | |
| type: | |
| enum: | |
| - Resource | |
| type: string | |
| required: | |
| - type | |
| - resource | |
| type: object | |
| type: array | |
| required: | |
| - metrics | |
| type: object | |
| policy: | |
| properties: | |
| updateMode: | |
| enum: | |
| - Auto | |
| type: string | |
| type: object | |
| scaleTargetRef: | |
| properties: | |
| apiVersion: | |
| type: string | |
| kind: | |
| type: string | |
| name: | |
| type: string | |
| type: object | |
| required: | |
| - scaleTargetRef | |
| - goals | |
| - constraints | |
| type: object | |
| status: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: MultidimPodAutoscaler | |
| listKind: MultidimPodAutoscalerList | |
| plural: multidimpodautoscalers | |
| shortNames: | |
| - mpa | |
| singular: multidimpodautoscaler | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:19:01Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:19:01Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1beta1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/layer: addon | |
| creationTimestamp: "2022-11-16T06:18:01Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: networkloggings.networking.gke.io | |
| resourceVersion: "167453" | |
| uid: e6bcaf03-8293-4133-9507-a69caaaf509c | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: networking.gke.io | |
| names: | |
| kind: NetworkLogging | |
| listKind: NetworkLoggingList | |
| plural: networkloggings | |
| shortNames: | |
| - nl | |
| singular: networklogging | |
| scope: Cluster | |
| versions: | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: NetworkLogging describes the specification used by network | |
| logging. | |
| properties: | |
| metadata: | |
| properties: | |
| name: | |
| pattern: ^default$ | |
| type: string | |
| type: object | |
| spec: | |
| description: Spec is the desired configuration for network logging. | |
| properties: | |
| cluster: | |
| description: Cluster specifies the log options for cluster-level | |
| network logging. | |
| properties: | |
| allow: | |
| description: Allow specifies the log action for policy-allowed | |
| connections. | |
| properties: | |
| delegate: | |
| description: Delegate can only be true if Log is true. Log:false, | |
| Delegate:true is invalid. If Delegate is true, logging | |
| will be controlled by the annotation of matching network | |
| policies. | |
| type: boolean | |
| log: | |
| description: Log specifies if logging is enabled or not. | |
| The default value is false. | |
| type: boolean | |
| type: object | |
| deny: | |
| description: Deny specifies the log action for policy-denied | |
| connections. | |
| properties: | |
| delegate: | |
| description: Delegate can only be true if Log is true. Log:false, | |
| Delegate:true is invalid. If Delegate is true, logging | |
| will be controlled by the annotation of the pod's namespace. | |
| type: boolean | |
| log: | |
| description: Log specifies if logging is enabled or not. | |
| The default value is false. | |
| type: boolean | |
| type: object | |
| type: object | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: NetworkLogging | |
| listKind: NetworkLoggingList | |
| plural: networkloggings | |
| shortNames: | |
| - nl | |
| singular: networklogging | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:01Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1alpha1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/component-name: managed-prometheus | |
| components.gke.io/component-version: 0.3.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.7.0 | |
| creationTimestamp: "2022-11-16T06:18:27Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: operatorconfigs.monitoring.googleapis.com | |
| resourceVersion: "651" | |
| uid: 74c21554-9baa-4ad7-ab49-7d3d600e6dee | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: monitoring.googleapis.com | |
| names: | |
| kind: OperatorConfig | |
| listKind: OperatorConfigList | |
| plural: operatorconfigs | |
| singular: operatorconfig | |
| scope: Namespaced | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: OperatorConfig defines configuration of the gmp-operator. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| collection: | |
| description: Collection specifies how the operator configures collection. | |
| properties: | |
| compression: | |
| description: Compression enables compression of metrics collection | |
| data | |
| enum: | |
| - none | |
| - gzip | |
| type: string | |
| credentials: | |
| description: A reference to GCP service account credentials with | |
| which Prometheus collectors are run. It needs to have metric write | |
| permissions for all project IDs to which data is written. Within | |
| GKE, this can typically be left empty if the compute default service | |
| account has the required permissions. | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must be | |
| a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| externalLabels: | |
| additionalProperties: | |
| type: string | |
| description: ExternalLabels specifies external labels that are attached | |
| to all scraped data before being written to Cloud Monitoring. | |
| The precedence behavior matches that of Prometheus. | |
| type: object | |
| filter: | |
| description: Filter limits which metric data is sent to Cloud Monitoring. | |
| properties: | |
| matchOneOf: | |
| description: "A list Prometheus time series matchers. Every | |
| time series must match at least one of the matchers to be | |
| exported. This field can be used equivalently to the match[] | |
| parameter of the Prometheus federation endpoint to selectively | |
| export data. \n Example: `[\"{job!='foobar'}\", \"{__name__!~'container_foo.*|container_bar.*'}\"]`" | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| kubeletScraping: | |
| description: Configuration to scrape the metric endpoints of the | |
| Kubelets. | |
| properties: | |
| interval: | |
| description: The interval at which the metric endpoints are | |
| scraped. | |
| type: string | |
| required: | |
| - interval | |
| type: object | |
| type: object | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| managedAlertmanager: | |
| default: | |
| configSecret: | |
| key: alertmanager.yaml | |
| name: alertmanager | |
| description: ManagedAlertmanager holds information for configuring the | |
| managed instance of Alertmanager. | |
| properties: | |
| configSecret: | |
| description: ConfigSecret refers to the name of a single-key Secret | |
| in the public namespace that holds the managed Alertmanager config | |
| file. | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must be | |
| a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| metadata: | |
| type: object | |
| rules: | |
| description: Rules specifies how the operator configures and deployes | |
| rule-evaluator. | |
| properties: | |
| alerting: | |
| description: Alerting contains how the rule-evaluator configures | |
| alerting. | |
| properties: | |
| alertmanagers: | |
| description: Alertmanagers contains endpoint configuration for | |
| designated Alertmanagers. | |
| items: | |
| description: AlertmanagerEndpoints defines a selection of | |
| a single Endpoints object containing alertmanager IPs to | |
| fire alerts against. | |
| properties: | |
| apiVersion: | |
| description: Version of the Alertmanager API that rule-evaluator | |
| uses to send alerts. It can be "v1" or "v2". | |
| type: string | |
| authorization: | |
| description: Authorization section for this alertmanager | |
| endpoint | |
| properties: | |
| credentials: | |
| description: The secret's key that contains the credentials | |
| of the request | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must | |
| be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its | |
| key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: | |
| description: Set the authentication type. Defaults | |
| to Bearer, Basic will cause an error | |
| type: string | |
| type: object | |
| name: | |
| description: Name of Endpoints object in Namespace. | |
| type: string | |
| namespace: | |
| description: Namespace of Endpoints object. | |
| type: string | |
| pathPrefix: | |
| description: Prefix for the HTTP path alerts are pushed | |
| to. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Port the Alertmanager API is exposed on. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use when firing alerts. | |
| type: string | |
| timeout: | |
| description: Timeout is a per-target Alertmanager timeout | |
| when pushing alerts. | |
| type: string | |
| tls: | |
| description: TLS Config to use for alertmanager connection. | |
| properties: | |
| ca: | |
| description: Struct containing the CA cert to use | |
| for the targets. | |
| properties: | |
| configMap: | |
| description: ConfigMap containing data to use | |
| for the targets. | |
| properties: | |
| key: | |
| description: The key to select. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap | |
| or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| secret: | |
| description: Secret containing data to use for | |
| the targets. | |
| properties: | |
| key: | |
| description: The key of the secret to select | |
| from. Must be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or | |
| its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| cert: | |
| description: Struct containing the client cert file | |
| for the targets. | |
| properties: | |
| configMap: | |
| description: ConfigMap containing data to use | |
| for the targets. | |
| properties: | |
| key: | |
| description: The key to select. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap | |
| or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| secret: | |
| description: Secret containing data to use for | |
| the targets. | |
| properties: | |
| key: | |
| description: The key of the secret to select | |
| from. Must be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or | |
| its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| insecureSkipVerify: | |
| description: Disable target certificate validation. | |
| type: boolean | |
| keySecret: | |
| description: Secret containing the client key file | |
| for the targets. | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must | |
| be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its | |
| key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| serverName: | |
| description: Used to verify the hostname for the targets. | |
| type: string | |
| type: object | |
| required: | |
| - name | |
| - namespace | |
| - port | |
| type: object | |
| type: array | |
| type: object | |
| credentials: | |
| description: A reference to GCP service account credentials with | |
| which the rule evaluator container is run. It needs to have metric | |
| read permissions against queryProjectId and metric write permissions | |
| against all projects to which rule results are written. Within | |
| GKE, this can typically be left empty if the compute default service | |
| account has the required permissions. | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must be | |
| a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| externalLabels: | |
| additionalProperties: | |
| type: string | |
| description: ExternalLabels specifies external labels that are attached | |
| to any rule results and alerts produced by rules. The precedence | |
| behavior matches that of Prometheus. | |
| type: object | |
| generatorUrl: | |
| description: The base URL used for the generator URL in the alert | |
| notification payload. Should point to an instance of a query frontend | |
| that gives access to queryProjectID. | |
| type: string | |
| queryProjectID: | |
| description: QueryProjectID is the GCP project ID to evaluate rules | |
| against. If left blank, the rule-evaluator will try attempt to | |
| infer the Project ID from the environment. | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: OperatorConfig defines configuration of the gmp-operator. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| collection: | |
| description: Collection specifies how the operator configures collection. | |
| properties: | |
| credentials: | |
| description: A reference to GCP service account credentials with | |
| which Prometheus collectors are run. It needs to have metric write | |
| permissions for all project IDs to which data is written. Within | |
| GKE, this can typically be left empty if the compute default service | |
| account has the required permissions. | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must be | |
| a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| externalLabels: | |
| additionalProperties: | |
| type: string | |
| description: ExternalLabels specifies external labels that are attached | |
| to all scraped data before being written to Cloud Monitoring. | |
| The precedence behavior matches that of Prometheus. | |
| type: object | |
| filter: | |
| description: Filter limits which metric data is sent to Cloud Monitoring. | |
| properties: | |
| matchOneOf: | |
| description: "A list Prometheus time series matchers. Every | |
| time series must match at least one of the matchers to be | |
| exported. This field can be used equivalently to the match[] | |
| parameter of the Prometheus federation endpoint to selectively | |
| export data. \n Example: `[\"{job='prometheus'}\", \"{__name__=~'job:.*'}\"]`" | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| type: object | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| rules: | |
| description: Rules specifies how the operator configures and deployes | |
| rule-evaluator. | |
| properties: | |
| alerting: | |
| description: Alerting contains how the rule-evaluator configures | |
| alerting. | |
| properties: | |
| alertmanagers: | |
| description: Alertmanagers contains endpoint configuration for | |
| designated Alertmanagers. | |
| items: | |
| description: AlertmanagerEndpoints defines a selection of | |
| a single Endpoints object containing alertmanager IPs to | |
| fire alerts against. | |
| properties: | |
| apiVersion: | |
| description: Version of the Alertmanager API that rule-evaluator | |
| uses to send alerts. It can be "v1" or "v2". | |
| type: string | |
| authorization: | |
| description: Authorization section for this alertmanager | |
| endpoint | |
| properties: | |
| credentials: | |
| description: The secret's key that contains the credentials | |
| of the request | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must | |
| be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its | |
| key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: | |
| description: Set the authentication type. Defaults | |
| to Bearer, Basic will cause an error | |
| type: string | |
| type: object | |
| name: | |
| description: Name of Endpoints object in Namespace. | |
| type: string | |
| namespace: | |
| description: Namespace of Endpoints object. | |
| type: string | |
| pathPrefix: | |
| description: Prefix for the HTTP path alerts are pushed | |
| to. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Port the Alertmanager API is exposed on. | |
| x-kubernetes-int-or-string: true | |
| scheme: | |
| description: Scheme to use when firing alerts. | |
| type: string | |
| timeout: | |
| description: Timeout is a per-target Alertmanager timeout | |
| when pushing alerts. | |
| type: string | |
| tls: | |
| description: TLS Config to use for alertmanager connection. | |
| properties: | |
| ca: | |
| description: Struct containing the CA cert to use | |
| for the targets. | |
| properties: | |
| configMap: | |
| description: ConfigMap containing data to use | |
| for the targets. | |
| properties: | |
| key: | |
| description: The key to select. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap | |
| or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| secret: | |
| description: Secret containing data to use for | |
| the targets. | |
| properties: | |
| key: | |
| description: The key of the secret to select | |
| from. Must be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or | |
| its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| cert: | |
| description: Struct containing the client cert file | |
| for the targets. | |
| properties: | |
| configMap: | |
| description: ConfigMap containing data to use | |
| for the targets. | |
| properties: | |
| key: | |
| description: The key to select. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the ConfigMap | |
| or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| secret: | |
| description: Secret containing data to use for | |
| the targets. | |
| properties: | |
| key: | |
| description: The key of the secret to select | |
| from. Must be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or | |
| its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| insecureSkipVerify: | |
| description: Disable target certificate validation. | |
| type: boolean | |
| keySecret: | |
| description: Secret containing the client key file | |
| for the targets. | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must | |
| be a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, | |
| uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its | |
| key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| serverName: | |
| description: Used to verify the hostname for the targets. | |
| type: string | |
| type: object | |
| required: | |
| - name | |
| - namespace | |
| - port | |
| type: object | |
| type: array | |
| type: object | |
| credentials: | |
| description: A reference to GCP service account credentials with | |
| which the rule evaluator container is run. It needs to have metric | |
| read permissions against queryProjectId and metric write permissions | |
| against all projects to which rule results are written. Within | |
| GKE, this can typically be left empty if the compute default service | |
| account has the required permissions. | |
| properties: | |
| key: | |
| description: The key of the secret to select from. Must be | |
| a valid secret key. | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, kind, uid?' | |
| type: string | |
| optional: | |
| description: Specify whether the Secret or its key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| externalLabels: | |
| additionalProperties: | |
| type: string | |
| description: ExternalLabels specifies external labels that are attached | |
| to any rule results and alerts produced by rules. The precedence | |
| behavior matches that of Prometheus. | |
| type: object | |
| queryProjectID: | |
| description: QueryProjectID is the GCP project ID to evaluate rules | |
| against. If left blank, the rule-evaluator will try attempt to | |
| infer the Project ID from the environment. | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: false | |
| status: | |
| acceptedNames: | |
| kind: OperatorConfig | |
| listKind: OperatorConfigList | |
| plural: operatorconfigs | |
| singular: operatorconfig | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:27Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:27Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/component-name: managed-prometheus | |
| components.gke.io/component-version: 0.3.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.7.0 | |
| creationTimestamp: "2022-11-16T06:18:27Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: podmonitorings.monitoring.googleapis.com | |
| resourceVersion: "654" | |
| uid: a838c87b-fe66-47af-9200-858a1aeb2678 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: monitoring.googleapis.com | |
| names: | |
| kind: PodMonitoring | |
| listKind: PodMonitoringList | |
| plural: podmonitorings | |
| singular: podmonitoring | |
| scope: Namespaced | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: PodMonitoring defines monitoring for a set of pods. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of desired Pod selection for target discovery | |
| by Prometheus. | |
| properties: | |
| endpoints: | |
| description: The endpoints to scrape on the selected pods. | |
| items: | |
| description: ScrapeEndpoint specifies a Prometheus metrics endpoint | |
| to scrape. | |
| properties: | |
| interval: | |
| description: Interval at which to scrape metrics. Must be | |
| a valid Prometheus duration. | |
| type: string | |
| metricRelabeling: | |
| description: Relabeling rules for metrics scraped from this | |
| endpoint. Relabeling rules that override protected target | |
| labels (project_id, location, cluster, namespace, job, instance, | |
| or __address__) are not permitted. The labelmap action is | |
| not permitted in general. | |
| items: | |
| description: RelabelingRule defines a single Prometheus | |
| relabeling rule. | |
| properties: | |
| action: | |
| description: Action to perform based on regex matching. | |
| Defaults to 'replace'. | |
| type: string | |
| modulus: | |
| description: Modulus to take of the hash of the source | |
| label values. | |
| format: int64 | |
| type: integer | |
| regex: | |
| description: Regular expression against which the extracted | |
| value is matched. Defaults to '(.*)'. | |
| type: string | |
| replacement: | |
| description: Replacement value against which a regex | |
| replace is performed if the regular expression matches. | |
| Regex capture groups are available. Defaults to '$1'. | |
| type: string | |
| separator: | |
| description: Separator placed between concatenated source | |
| label values. Defaults to ';'. | |
| type: string | |
| sourceLabels: | |
| description: The source labels select values from existing | |
| labels. Their content is concatenated using the configured | |
| separator and matched against the configured regular | |
| expression for the replace, keep, and drop actions. | |
| items: | |
| type: string | |
| type: array | |
| targetLabel: | |
| description: Label to which the resulting value is written | |
| in a replace action. It is mandatory for replace actions. | |
| Regex capture groups are available. | |
| type: string | |
| type: object | |
| type: array | |
| params: | |
| additionalProperties: | |
| items: | |
| type: string | |
| type: array | |
| description: HTTP GET params to use when scraping. | |
| type: object | |
| path: | |
| description: HTTP path to scrape metrics from. Defaults to | |
| "/metrics". | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to scrape. The container | |
| metadata label is only populated if the port is referenced | |
| by name because port numbers are not unique across containers. | |
| x-kubernetes-int-or-string: true | |
| proxyUrl: | |
| description: Proxy URL to scrape through. Encoded passwords | |
| are not supported. | |
| type: string | |
| scheme: | |
| description: Protocol scheme to use to scrape. | |
| type: string | |
| timeout: | |
| description: Timeout for metrics scrapes. Must be a valid | |
| Prometheus duration. Must not be larger then the scrape | |
| interval. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| type: array | |
| limits: | |
| description: Limits to apply at scrape time. | |
| properties: | |
| labelNameLength: | |
| description: Maximum label name length. Uses Prometheus default | |
| if left unspecified. | |
| format: int64 | |
| type: integer | |
| labelValueLength: | |
| description: Maximum label value length. Uses Prometheus default | |
| if left unspecified. | |
| format: int64 | |
| type: integer | |
| labels: | |
| description: Maximum number of labels accepted for a single | |
| sample. Uses Prometheus default if left unspecified. | |
| format: int64 | |
| type: integer | |
| samples: | |
| description: Maximum number of samples accepted within a single | |
| scrape. Uses Prometheus default if left unspecified. | |
| format: int64 | |
| type: integer | |
| type: object | |
| selector: | |
| description: Label selector that specifies which pods are selected | |
| for this monitoring configuration. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list of label selector requirements. | |
| The requirements are ANDed. | |
| items: | |
| description: A label selector requirement is a selector that | |
| contains values, a key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: key is the label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: operator represents a key's relationship | |
| to a set of values. Valid operators are In, NotIn, Exists | |
| and DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array of string values. If the | |
| operator is In or NotIn, the values array must be non-empty. | |
| If the operator is Exists or DoesNotExist, the values | |
| array must be empty. This array is replaced during a | |
| strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} pairs. A single | |
| {key,value} in the matchLabels map is equivalent to an element | |
| of matchExpressions, whose key field is "key", the operator | |
| is "In", and the values array contains only "value". The requirements | |
| are ANDed. | |
| type: object | |
| type: object | |
| targetLabels: | |
| description: Labels to add to the Prometheus target for discovered | |
| endpoints. The `instance` label is always set to `<pod_name>:<port>` | |
| or `<node_name>:<port>` if the scraped pod is controlled by a | |
| DaemonSet. | |
| properties: | |
| fromPod: | |
| description: Labels to transfer from the Kubernetes Pod to Prometheus | |
| target labels. Mappings are applied in order. | |
| items: | |
| description: LabelMapping specifies how to transfer a label | |
| from a Kubernetes resource onto a Prometheus target. | |
| properties: | |
| from: | |
| description: Kubenetes resource label to remap. | |
| type: string | |
| to: | |
| description: Remapped Prometheus target label. Defaults | |
| to the same name as `From`. | |
| type: string | |
| required: | |
| - from | |
| type: object | |
| type: array | |
| metadata: | |
| description: Pod metadata labels that are set on all scraped | |
| targets. Permitted keys are `pod`, `container`, and `node` | |
| for PodMonitoring and `pod`, `container`, `node`, and `namespace` | |
| for ClusterPodMonitoring. The `container` label is only populated | |
| if the scrape port is referenced by name. Defaults to [pod, | |
| container] for PodMonitoring and [namespace, pod, container] | |
| for ClusterPodMonitoring. If set to null, it will be interpreted | |
| as the empty list for PodMonitoring and to [namespace] for | |
| ClusterPodMonitoring. This is for backwards-compatibility | |
| only. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| required: | |
| - endpoints | |
| - selector | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| properties: | |
| conditions: | |
| description: Represents the latest available observations of a podmonitor's | |
| current state. | |
| items: | |
| description: MonitoringCondition describes a condition of a PodMonitoring. | |
| properties: | |
| lastTransitionTime: | |
| description: Last time the condition transitioned from one | |
| status to another. | |
| format: date-time | |
| type: string | |
| lastUpdateTime: | |
| description: The last time this condition was updated. | |
| format: date-time | |
| type: string | |
| message: | |
| description: A human-readable message indicating details about | |
| the transition. | |
| type: string | |
| reason: | |
| description: The reason for the condition's last transition. | |
| type: string | |
| status: | |
| description: Status of the condition, one of True, False, | |
| Unknown. | |
| type: string | |
| type: | |
| description: MonitoringConditionType is the type of MonitoringCondition. | |
| type: string | |
| required: | |
| - status | |
| - type | |
| type: object | |
| type: array | |
| observedGeneration: | |
| description: The generation observed by the controller. | |
| format: int64 | |
| type: integer | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: PodMonitoring defines monitoring for a set of pods. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of desired Pod selection for target discovery | |
| by Prometheus. | |
| properties: | |
| endpoints: | |
| description: The endpoints to scrape on the selected pods. | |
| items: | |
| description: ScrapeEndpoint specifies a Prometheus metrics endpoint | |
| to scrape. | |
| properties: | |
| interval: | |
| description: Interval at which to scrape metrics. Must be | |
| a valid Prometheus duration. | |
| type: string | |
| metricRelabeling: | |
| description: Relabeling rules for metrics scraped from this | |
| endpoint. Relabeling rules that override protected target | |
| labels (project_id, location, cluster, namespace, job, instance, | |
| or __address__) are not permitted. The labelmap action is | |
| not permitted in general. | |
| items: | |
| description: RelabelingRule defines a single Prometheus | |
| relabeling rule. | |
| properties: | |
| action: | |
| description: Action to perform based on regex matching. | |
| Defaults to 'replace'. | |
| type: string | |
| modulus: | |
| description: Modulus to take of the hash of the source | |
| label values. | |
| format: int64 | |
| type: integer | |
| regex: | |
| description: Regular expression against which the extracted | |
| value is matched. Defaults to '(.*)'. | |
| type: string | |
| replacement: | |
| description: Replacement value against which a regex | |
| replace is performed if the regular expression matches. | |
| Regex capture groups are available. Defaults to '$1'. | |
| type: string | |
| separator: | |
| description: Separator placed between concatenated source | |
| label values. Defaults to ';'. | |
| type: string | |
| sourceLabels: | |
| description: The source labels select values from existing | |
| labels. Their content is concatenated using the configured | |
| separator and matched against the configured regular | |
| expression for the replace, keep, and drop actions. | |
| items: | |
| type: string | |
| type: array | |
| targetLabel: | |
| description: Label to which the resulting value is written | |
| in a replace action. It is mandatory for replace actions. | |
| Regex capture groups are available. | |
| type: string | |
| type: object | |
| type: array | |
| params: | |
| additionalProperties: | |
| items: | |
| type: string | |
| type: array | |
| description: HTTP GET params to use when scraping. | |
| type: object | |
| path: | |
| description: HTTP path to scrape metrics from. Defaults to | |
| "/metrics". | |
| type: string | |
| port: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| description: Name or number of the port to scrape. | |
| x-kubernetes-int-or-string: true | |
| proxyUrl: | |
| description: Proxy URL to scrape through. Encoded passwords | |
| are not supported. | |
| type: string | |
| scheme: | |
| description: Protocol scheme to use to scrape. | |
| type: string | |
| timeout: | |
| description: Timeout for metrics scrapes. Must be a valid | |
| Prometheus duration. Must not be larger then the scrape | |
| interval. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| type: array | |
| limits: | |
| description: Limits to apply at scrape time. | |
| properties: | |
| labelNameLength: | |
| description: Maximum label name length. Uses Prometheus default | |
| if left unspecified. | |
| format: int64 | |
| type: integer | |
| labelValueLength: | |
| description: Maximum label value length. Uses Prometheus default | |
| if left unspecified. | |
| format: int64 | |
| type: integer | |
| labels: | |
| description: Maximum number of labels accepted for a single | |
| sample. Uses Prometheus default if left unspecified. | |
| format: int64 | |
| type: integer | |
| samples: | |
| description: Maximum number of samples accepted within a single | |
| scrape. Uses Prometheus default if left unspecified. | |
| format: int64 | |
| type: integer | |
| type: object | |
| selector: | |
| description: Label selector that specifies which pods are selected | |
| for this monitoring configuration. | |
| properties: | |
| matchExpressions: | |
| description: matchExpressions is a list of label selector requirements. | |
| The requirements are ANDed. | |
| items: | |
| description: A label selector requirement is a selector that | |
| contains values, a key, and an operator that relates the | |
| key and values. | |
| properties: | |
| key: | |
| description: key is the label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: operator represents a key's relationship | |
| to a set of values. Valid operators are In, NotIn, Exists | |
| and DoesNotExist. | |
| type: string | |
| values: | |
| description: values is an array of string values. If the | |
| operator is In or NotIn, the values array must be non-empty. | |
| If the operator is Exists or DoesNotExist, the values | |
| array must be empty. This array is replaced during a | |
| strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: matchLabels is a map of {key,value} pairs. A single | |
| {key,value} in the matchLabels map is equivalent to an element | |
| of matchExpressions, whose key field is "key", the operator | |
| is "In", and the values array contains only "value". The requirements | |
| are ANDed. | |
| type: object | |
| type: object | |
| targetLabels: | |
| description: Labels to add to the Prometheus target for discovered | |
| endpoints. | |
| properties: | |
| fromPod: | |
| description: Labels to transfer from the Kubernetes Pod to Prometheus | |
| target labels. Mappings are applied in order. | |
| items: | |
| description: LabelMapping specifies how to transfer a label | |
| from a Kubernetes resource onto a Prometheus target. | |
| properties: | |
| from: | |
| description: Kubenetes resource label to remap. | |
| type: string | |
| to: | |
| description: Remapped Prometheus target label. Defaults | |
| to the same name as `From`. | |
| type: string | |
| required: | |
| - from | |
| type: object | |
| type: array | |
| metadata: | |
| description: Pod metadata labels that are set on all scraped | |
| targets. Permitted keys are `pod`, `container`, and `node` | |
| for PodMonitoring and `pod`, `container`, `node`, and `namespace` | |
| for ClusterPodMonitoring. Defaults to [pod, container] for | |
| PodMonitoring and [namespace, pod, container] for ClusterPodMonitoring. | |
| If set to null, it will be interpreted as the empty list for | |
| PodMonitoring and to [namespace] for ClusterPodMonitoring. | |
| This is for backwards-compatibility only. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| required: | |
| - endpoints | |
| - selector | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| properties: | |
| conditions: | |
| description: Represents the latest available observations of a podmonitor's | |
| current state. | |
| items: | |
| description: MonitoringCondition describes a condition of a PodMonitoring. | |
| properties: | |
| lastTransitionTime: | |
| description: Last time the condition transitioned from one | |
| status to another. | |
| format: date-time | |
| type: string | |
| lastUpdateTime: | |
| description: The last time this condition was updated. | |
| format: date-time | |
| type: string | |
| message: | |
| description: A human-readable message indicating details about | |
| the transition. | |
| type: string | |
| reason: | |
| description: The reason for the condition's last transition. | |
| type: string | |
| status: | |
| description: Status of the condition, one of True, False, | |
| Unknown. | |
| type: string | |
| type: | |
| description: MonitoringConditionType is the type of MonitoringCondition. | |
| type: string | |
| required: | |
| - status | |
| - type | |
| type: object | |
| type: array | |
| observedGeneration: | |
| description: The generation observed by the controller. | |
| format: int64 | |
| type: integer | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: false | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: PodMonitoring | |
| listKind: PodMonitoringList | |
| plural: podmonitorings | |
| singular: podmonitoring | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:27Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:27Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/layer: addon | |
| creationTimestamp: "2022-11-16T06:18:02Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: redirectservices.networking.gke.io | |
| resourceVersion: "167459" | |
| uid: 78f651d9-1de3-4e6b-b659-e6e24dfd3409 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: networking.gke.io | |
| names: | |
| kind: RedirectService | |
| listKind: RedirectServiceList | |
| plural: redirectservices | |
| shortNames: | |
| - rds | |
| singular: redirectservice | |
| scope: Namespaced | |
| versions: | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: GoogleRedirectService describes the specification used by redirect | |
| services on GKE. | |
| properties: | |
| metadata: | |
| properties: | |
| name: | |
| pattern: ^default$ | |
| type: string | |
| type: object | |
| spec: | |
| description: Spec is the desired configuration for Google redirect service. | |
| properties: | |
| redirect: | |
| description: redirect specifies a redirection operation. | |
| properties: | |
| provider: | |
| description: Provider of the original service. | |
| enum: | |
| - kube-dns | |
| - cloud-dns | |
| minLength: 1 | |
| type: string | |
| type: | |
| description: Type of service that needs redirection. | |
| enum: | |
| - nodelocaldns | |
| minLength: 1 | |
| type: string | |
| type: object | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: RedirectService | |
| listKind: RedirectServiceList | |
| plural: redirectservices | |
| shortNames: | |
| - rds | |
| singular: redirectservice | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:02Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1alpha1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/component-name: managed-prometheus | |
| components.gke.io/component-version: 0.3.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.7.0 | |
| creationTimestamp: "2022-11-16T06:18:27Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: rules.monitoring.googleapis.com | |
| resourceVersion: "662" | |
| uid: 82e39010-1a26-4f42-9b2e-20dc6740a84a | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: monitoring.googleapis.com | |
| names: | |
| kind: Rules | |
| listKind: RulesList | |
| plural: rules | |
| singular: rules | |
| scope: Namespaced | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: Rules defines Prometheus alerting and recording rules that | |
| are scoped to the namespace of the resource. Only metric data from this | |
| namespace is processed and all rule results have their project_id, cluster, | |
| and namespace label preserved for query processing. If the location label | |
| is not preserved by the rule, it defaults to the cluster's location. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of rules to record and alert on. | |
| properties: | |
| groups: | |
| description: A list of Prometheus rule groups. | |
| items: | |
| description: 'RuleGroup declares rules in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| interval: | |
| description: The interval at which to evaluate the rules. | |
| Must be a valid Prometheus duration. | |
| type: string | |
| name: | |
| description: The name of the rule group. | |
| type: string | |
| rules: | |
| description: A list of rules that are executed sequentially | |
| as part of this group. | |
| items: | |
| description: 'Rule is a single rule in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| alert: | |
| description: Name of the alert to evaluate the expression | |
| as. Only one of `record` and `alert` must be set. | |
| type: string | |
| annotations: | |
| additionalProperties: | |
| type: string | |
| description: A set of annotations to attach to alerts | |
| produced by the query expression. Only valid if `alert` | |
| is set. | |
| type: object | |
| expr: | |
| description: The PromQL expression to evaluate. | |
| type: string | |
| for: | |
| description: The duration to wait before a firing alert | |
| produced by this rule is sent to Alertmanager. Only | |
| valid if `alert` is set. | |
| type: string | |
| labels: | |
| additionalProperties: | |
| type: string | |
| description: A set of labels to attach to the result | |
| of the query expression. | |
| type: object | |
| record: | |
| description: Record the result of the expression to | |
| this metric name. Only one of `record` and `alert` | |
| must be set. | |
| type: string | |
| required: | |
| - expr | |
| type: object | |
| type: array | |
| required: | |
| - interval | |
| - name | |
| - rules | |
| type: object | |
| type: array | |
| required: | |
| - groups | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: Rules defines Prometheus alerting and recording rules that | |
| are scoped to the namespace of the resource. Only metric data from this | |
| namespace is processed and all rule results have their project_id, cluster, | |
| and namespace label preserved for query processing. If the location label | |
| is not preserved by the rule, it defaults to the cluster's location. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: Specification of rules to record and alert on. | |
| properties: | |
| groups: | |
| description: A list of Prometheus rule groups. | |
| items: | |
| description: 'RuleGroup declares rules in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| interval: | |
| description: The interval at which to evaluate the rules. | |
| Must be a valid Prometheus duration. | |
| type: string | |
| name: | |
| description: The name of the rule group. | |
| type: string | |
| rules: | |
| description: A list of rules that are executed sequentially | |
| as part of this group. | |
| items: | |
| description: 'Rule is a single rule in the Prometheus format: | |
| https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/' | |
| properties: | |
| alert: | |
| description: Name of the alert to evaluate the expression | |
| as. Only one of `record` and `alert` must be set. | |
| type: string | |
| annotations: | |
| additionalProperties: | |
| type: string | |
| description: A set of annotations to attach to alerts | |
| produced by the query expression. Only valid if `alert` | |
| is set. | |
| type: object | |
| expr: | |
| description: The PromQL expression to evaluate. | |
| type: string | |
| for: | |
| description: The duration to wait before a firing alert | |
| produced by this rule is sent to Alertmanager. Only | |
| valid if `alert` is set. | |
| type: string | |
| labels: | |
| additionalProperties: | |
| type: string | |
| description: A set of labels to attach to the result | |
| of the query expression. | |
| type: object | |
| record: | |
| description: Record the result of the expression to | |
| this metric name. Only one of `record` and `alert` | |
| must be set. | |
| type: string | |
| required: | |
| - expr | |
| type: object | |
| type: array | |
| required: | |
| - interval | |
| - name | |
| - rules | |
| type: object | |
| type: array | |
| required: | |
| - groups | |
| type: object | |
| status: | |
| description: Most recently observed status of the resource. | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: false | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: Rules | |
| listKind: RulesList | |
| plural: rules | |
| singular: rules | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:27Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:27Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:38Z" | |
| generation: 1 | |
| name: serviceattachments.networking.gke.io | |
| resourceVersion: "852" | |
| uid: 4e597e55-a414-4709-8af0-18d7583e9c3b | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: networking.gke.io | |
| names: | |
| kind: ServiceAttachment | |
| listKind: ServiceAttachmentList | |
| plural: serviceattachments | |
| singular: serviceattachment | |
| scope: Namespaced | |
| versions: | |
| - name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: ServiceAttachment represents a Service Attachment associated | |
| with a service/ingress/gateway class | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: ServiceAttachmentSpec is the spec for a ServiceAttachment | |
| resource | |
| properties: | |
| connectionPreference: | |
| description: ConnectionPreference determines how consumers are accepted. | |
| type: string | |
| consumerAllowList: | |
| description: ConsumerAllowList is list of consumer projects that | |
| should be allow listed for this ServiceAttachment | |
| items: | |
| description: ConsumerProject is the consumer project and project | |
| level configuration | |
| properties: | |
| connectionLimit: | |
| description: ConnectionLimit is the connection limit for this | |
| Consumer project | |
| format: int64 | |
| type: integer | |
| forceSendFields: | |
| description: ForceSendFields is a list of field names (e.g. | |
| "ConnectionLimit") to unconditionally include in API requests. | |
| By default, fields with empty values are omitted from API | |
| requests. However, any non-pointer, non-interface field | |
| appearing in ForceSendFields will be sent to the server | |
| regardless of whether the field is empty or not. This may | |
| be used to include empty fields in Patch requests. | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| nullFields: | |
| description: NullFields is a list of field names (e.g. "ConnectionLimit") | |
| to include in API requests with the JSON null value. By | |
| default, fields with empty values are omitted from API requests. | |
| However, any field with an empty value appearing in NullFields | |
| will be sent to the server as null. It is an error if a | |
| field in this list has a non-empty value. This may be used | |
| to include null fields in Patch requests. | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| project: | |
| description: Project is the project id or number for the project | |
| to set the limit for. | |
| type: string | |
| type: object | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| consumerRejectList: | |
| description: ConsumerRejectList is the list of Consumer Project | |
| IDs or Numbers that should be rejected for this ServiceAttachment | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| natSubnets: | |
| description: NATSubnets contains the list of subnet names for PSC | |
| or nat subnet resource urls | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| proxyProtocol: | |
| description: ProxyProtocol when set will expose client information | |
| TCP/IP information | |
| type: boolean | |
| resourceRef: | |
| description: ResourceRef is the reference to the K8s resource that | |
| created the forwarding rule Only Services can be used as a reference | |
| properties: | |
| apiGroup: | |
| description: APIGroup is the group for the resource being referenced. | |
| If APIGroup is not specified, the specified Kind must be in | |
| the core API group. For any other third-party types, APIGroup | |
| is required. | |
| type: string | |
| kind: | |
| description: Kind is the type of resource being referenced | |
| type: string | |
| name: | |
| description: Name is the name of resource being referenced | |
| type: string | |
| required: | |
| - kind | |
| - name | |
| type: object | |
| type: object | |
| status: | |
| description: ServiceAttachmentStatus is the status for a ServiceAttachment | |
| resource | |
| properties: | |
| consumerForwardingRules: | |
| description: Consumer Forwarding Rules using ts Service Attachment | |
| items: | |
| description: ConsumerForwardingRule is a reference to the PSC | |
| consumer forwarding rule | |
| properties: | |
| forwardingRuleURL: | |
| description: Forwarding rule consumer created to use ServiceAttachment | |
| type: string | |
| status: | |
| description: Status of consumer forwarding rule | |
| type: string | |
| type: object | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| forwardingRuleURL: | |
| description: ForwardingRuleURL is the URL to the GCE Forwarding | |
| Rule resource the Service Attachment points to | |
| type: string | |
| lastModifiedTimestamp: | |
| description: LastModifiedTimestamp tracks last time Status was updated | |
| format: date-time | |
| nullable: true | |
| type: string | |
| serviceAttachmentURL: | |
| description: ServiceAttachmentURL is the URL for the GCE Service | |
| Attachment resource | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| - deprecated: true | |
| name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| description: ServiceAttachment represents a Service Attachment associated | |
| with a service/ingress/gateway class | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: ServiceAttachmentSpec is the spec for a ServiceAttachment | |
| resource | |
| properties: | |
| connectionPreference: | |
| description: ConnectionPreference determines how consumers are accepted. | |
| type: string | |
| consumerAllowList: | |
| description: ConsumerAllowList is list of consumer projects that | |
| should be allow listed for this ServiceAttachment | |
| items: | |
| description: ConsumerProject is the consumer project and project | |
| level configuration | |
| properties: | |
| connectionLimit: | |
| description: ConnectionLimit is the connection limit for this | |
| Consumer project | |
| format: int64 | |
| type: integer | |
| forceSendFields: | |
| description: ForceSendFields is a list of field names (e.g. | |
| "ConnectionLimit") to unconditionally include in API requests. | |
| By default, fields with empty values are omitted from API | |
| requests. However, any non-pointer, non-interface field | |
| appearing in ForceSendFields will be sent to the server | |
| regardless of whether the field is empty or not. This may | |
| be used to include empty fields in Patch requests. | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| nullFields: | |
| description: NullFields is a list of field names (e.g. "ConnectionLimit") | |
| to include in API requests with the JSON null value. By | |
| default, fields with empty values are omitted from API requests. | |
| However, any field with an empty value appearing in NullFields | |
| will be sent to the server as null. It is an error if a | |
| field in this list has a non-empty value. This may be used | |
| to include null fields in Patch requests. | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| project: | |
| description: Project is the project id or number for the project | |
| to set the limit for. | |
| type: string | |
| type: object | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| consumerRejectList: | |
| description: ConsumerRejectList is the list of Consumer Project | |
| IDs or Numbers that should be rejected for this ServiceAttachment | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| natSubnets: | |
| description: NATSubnets contains the list of subnet names for PSC | |
| or nat subnet resource urls | |
| items: | |
| default: "" | |
| type: string | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| proxyProtocol: | |
| description: ProxyProtocol when set will expose client information | |
| TCP/IP information | |
| type: boolean | |
| resourceRef: | |
| description: ResourceRef is the reference to the K8s resource that | |
| created the forwarding rule Only Services can be used as a reference | |
| properties: | |
| apiGroup: | |
| description: APIGroup is the group for the resource being referenced. | |
| If APIGroup is not specified, the specified Kind must be in | |
| the core API group. For any other third-party types, APIGroup | |
| is required. | |
| type: string | |
| kind: | |
| description: Kind is the type of resource being referenced | |
| type: string | |
| name: | |
| description: Name is the name of resource being referenced | |
| type: string | |
| required: | |
| - kind | |
| - name | |
| type: object | |
| type: object | |
| status: | |
| description: ServiceAttachmentStatus is the status for a ServiceAttachment | |
| resource | |
| properties: | |
| consumerForwardingRules: | |
| description: Consumer Forwarding Rules using ts Service Attachment | |
| items: | |
| description: ConsumerForwardingRule is a reference to the PSC | |
| consumer forwarding rule | |
| properties: | |
| forwardingRuleURL: | |
| description: Forwarding rule consumer created to use ServiceAttachment | |
| type: string | |
| status: | |
| description: Status of consumer forwarding rule | |
| type: string | |
| type: object | |
| type: array | |
| x-kubernetes-list-type: atomic | |
| forwardingRuleURL: | |
| description: ForwardingRuleURL is the URL to the GCE Forwarding | |
| Rule resource the Service Attachment points to | |
| type: string | |
| lastModifiedTimestamp: | |
| description: LastModifiedTimestamp tracks last time Status was updated | |
| format: date-time | |
| nullable: true | |
| type: string | |
| serviceAttachmentURL: | |
| description: ServiceAttachmentURL is the URL for the GCE Service | |
| Attachment resource | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: false | |
| status: | |
| acceptedNames: | |
| kind: ServiceAttachment | |
| listKind: ServiceAttachmentList | |
| plural: serviceattachments | |
| singular: serviceattachment | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:38Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:38Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| creationTimestamp: "2022-11-16T06:18:38Z" | |
| generation: 1 | |
| name: servicenetworkendpointgroups.networking.gke.io | |
| resourceVersion: "848" | |
| uid: 08c1b7c5-c9c6-4a01-97a4-b9fb87c884fb | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: networking.gke.io | |
| names: | |
| kind: ServiceNetworkEndpointGroup | |
| listKind: ServiceNetworkEndpointGroupList | |
| plural: servicenetworkendpointgroups | |
| shortNames: | |
| - svcneg | |
| singular: servicenetworkendpointgroup | |
| scope: Namespaced | |
| versions: | |
| - name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| type: object | |
| status: | |
| description: ServiceNetworkEndpointGroupStatus is the status for a ServiceNetworkEndpointGroup | |
| resource | |
| properties: | |
| conditions: | |
| description: Last time the NEG syncer syncs associated NEGs. | |
| items: | |
| description: NegCondition contains details for the current condition | |
| of this NEG. | |
| properties: | |
| lastTransitionTime: | |
| description: Last time the condition transitioned from one | |
| status to another. | |
| format: date-time | |
| nullable: true | |
| type: string | |
| message: | |
| default: "" | |
| description: A human readable message indicating details about | |
| the transition. This field may be empty. | |
| type: string | |
| observedGeneration: | |
| description: ObservedGeneration will not be set for ServiceNetworkEndpointGroup | |
| as the spec is empty. | |
| format: int64 | |
| type: integer | |
| reason: | |
| default: "" | |
| description: The reason for the condition's last transition | |
| type: string | |
| status: | |
| default: "" | |
| description: Status of the condition, one of True, False, | |
| Unknown. | |
| type: string | |
| type: | |
| default: "" | |
| description: Type is the type of the condition. | |
| type: string | |
| required: | |
| - type | |
| - status | |
| - lastTransitionTime | |
| - reason | |
| - message | |
| type: object | |
| type: array | |
| x-kubernetes-list-map-keys: | |
| - type | |
| x-kubernetes-list-type: map | |
| lastSyncTime: | |
| description: Last time the NEG syncer syncs associated NEGs. | |
| format: date-time | |
| nullable: true | |
| type: string | |
| networkEndpointGroups: | |
| items: | |
| description: NegObjectReference is the object reference to the | |
| NEG resource in GCE | |
| properties: | |
| id: | |
| default: "" | |
| description: The unique identifier for the NEG resource in | |
| GCE API. | |
| type: string | |
| networkEndpointType: | |
| description: 'NetworkEndpointType: Type of network endpoints | |
| in this network endpoint group.' | |
| type: string | |
| selfLink: | |
| description: SelfLink is the GCE Server-defined fully-qualified | |
| URL for the GCE NEG resource | |
| type: string | |
| required: | |
| - id | |
| type: object | |
| type: array | |
| x-kubernetes-list-map-keys: | |
| - id | |
| x-kubernetes-list-type: map | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: ServiceNetworkEndpointGroup | |
| listKind: ServiceNetworkEndpointGroupList | |
| plural: servicenetworkendpointgroups | |
| shortNames: | |
| - svcneg | |
| singular: servicenetworkendpointgroup | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:38Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:38Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1beta1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| components.gke.io/component-name: updateinfo-crd | |
| components.gke.io/component-version: 1.1.1 | |
| creationTimestamp: "2022-11-16T06:18:57Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: updateinfos.nodemanagement.gke.io | |
| resourceVersion: "167793" | |
| uid: 6d0e5283-d389-484c-8f05-9012933d9380 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: nodemanagement.gke.io | |
| names: | |
| kind: UpdateInfo | |
| listKind: UpdateInfoList | |
| plural: updateinfos | |
| shortNames: | |
| - updinf | |
| singular: updateinfo | |
| scope: Namespaced | |
| versions: | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| properties: | |
| spec: | |
| properties: | |
| Type: | |
| type: string | |
| instanceGroupUrl: | |
| type: string | |
| surgeNode: | |
| type: string | |
| targetNode: | |
| type: string | |
| validUntil: | |
| format: date-time | |
| type: string | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| status: | |
| acceptedNames: | |
| kind: UpdateInfo | |
| listKind: UpdateInfoList | |
| plural: updateinfos | |
| shortNames: | |
| - updinf | |
| singular: updateinfo | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:57Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:57Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1alpha1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| api-approved.kubernetes.io: https://github.com/kubernetes/kubernetes/pull/63797 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.4.0 | |
| creationTimestamp: "2022-11-16T06:19:03Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: verticalpodautoscalers.autoscaling.k8s.io | |
| resourceVersion: "167838" | |
| uid: fe020ea7-94cc-4b0b-9bc7-94069f140234 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: autoscaling.k8s.io | |
| names: | |
| kind: VerticalPodAutoscaler | |
| listKind: VerticalPodAutoscalerList | |
| plural: verticalpodautoscalers | |
| shortNames: | |
| - vpa | |
| singular: verticalpodautoscaler | |
| scope: Namespaced | |
| versions: | |
| - additionalPrinterColumns: | |
| - jsonPath: .spec.updatePolicy.updateMode | |
| name: Mode | |
| type: string | |
| - jsonPath: .status.recommendation.containerRecommendations[0].target.cpu | |
| name: CPU | |
| type: string | |
| - jsonPath: .status.recommendation.containerRecommendations[0].target.memory | |
| name: Mem | |
| type: string | |
| - jsonPath: .status.conditions[?(@.type=='RecommendationProvided')].status | |
| name: Provided | |
| type: string | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: VerticalPodAutoscaler is the configuration for a vertical pod | |
| autoscaler, which automatically manages pod resources based on historical | |
| and real time resource utilization. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: 'Specification of the behavior of the autoscaler. More | |
| info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.' | |
| properties: | |
| recommenders: | |
| description: Recommender responsible for generating recommendation | |
| for this object. List should be empty (then the default recommender | |
| will generate the recommendation) or contain exactly one recommender. | |
| items: | |
| description: VerticalPodAutoscalerRecommenderSelector points to | |
| a specific Vertical Pod Autoscaler recommender. In the future | |
| it might pass parameters to the recommender. | |
| properties: | |
| name: | |
| description: Name of the recommender responsible for generating | |
| recommendation for this object. | |
| type: string | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| resourcePolicy: | |
| description: Controls how the autoscaler computes recommended resources. | |
| The resource policy may be used to set constraints on the recommendations | |
| for individual containers. If not specified, the autoscaler computes | |
| recommended resources for all containers in the pod, without additional | |
| constraints. | |
| properties: | |
| containerPolicies: | |
| description: Per-container resource policies. | |
| items: | |
| description: ContainerResourcePolicy controls how autoscaler | |
| computes the recommended resources for a specific container. | |
| properties: | |
| containerName: | |
| description: Name of the container or DefaultContainerResourcePolicy, | |
| in which case the policy is used by the containers that | |
| don't have their own policy specified. | |
| type: string | |
| controlledResources: | |
| description: Specifies the type of recommendations that | |
| will be computed (and possibly applied) by VPA. If not | |
| specified, the default of [ResourceCPU, ResourceMemory] | |
| will be used. | |
| items: | |
| description: ResourceName is the name identifying various | |
| resources in a ResourceList. | |
| type: string | |
| type: array | |
| controlledValues: | |
| description: Specifies which resource values should be | |
| controlled. The default is "RequestsAndLimits". | |
| enum: | |
| - RequestsAndLimits | |
| - RequestsOnly | |
| type: string | |
| maxAllowed: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Specifies the maximum amount of resources | |
| that will be recommended for the container. The default | |
| is no maximum. | |
| type: object | |
| minAllowed: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Specifies the minimal amount of resources | |
| that will be recommended for the container. The default | |
| is no minimum. | |
| type: object | |
| mode: | |
| description: Whether autoscaler is enabled for the container. | |
| The default is "Auto". | |
| enum: | |
| - Auto | |
| - "Off" | |
| type: string | |
| type: object | |
| type: array | |
| type: object | |
| targetRef: | |
| description: TargetRef points to the controller managing the set | |
| of pods for the autoscaler to control - e.g. Deployment, StatefulSet. | |
| VerticalPodAutoscaler can be targeted at controller implementing | |
| scale subresource (the pod set is retrieved from the controller's | |
| ScaleStatus) or some well known controllers (e.g. for DaemonSet | |
| the pod set is read from the controller's spec). If VerticalPodAutoscaler | |
| cannot use specified target it will report ConfigUnsupported condition. | |
| Note that VerticalPodAutoscaler does not require full implementation | |
| of scale subresource - it will not use it to modify the replica | |
| count. The only thing retrieved is a label selector matching pods | |
| grouped by the target resource. | |
| properties: | |
| apiVersion: | |
| description: API version of the referent | |
| type: string | |
| kind: | |
| description: 'Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' | |
| type: string | |
| name: | |
| description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' | |
| type: string | |
| required: | |
| - kind | |
| - name | |
| type: object | |
| updatePolicy: | |
| description: Describes the rules on how changes are applied to the | |
| pods. If not specified, all fields in the `PodUpdatePolicy` are | |
| set to their default values. | |
| properties: | |
| minReplicas: | |
| description: Minimal number of replicas which need to be alive | |
| for Updater to attempt pod eviction (pending other checks | |
| like PDB). Only positive values are allowed. Overrides global | |
| '--min-replicas' flag. | |
| format: int32 | |
| type: integer | |
| updateMode: | |
| description: Controls when autoscaler applies changes to the | |
| pod resources. The default is 'Auto'. | |
| enum: | |
| - "Off" | |
| - Initial | |
| - Recreate | |
| - Auto | |
| type: string | |
| type: object | |
| required: | |
| - targetRef | |
| type: object | |
| status: | |
| description: Current information about the autoscaler. | |
| properties: | |
| conditions: | |
| description: Conditions is the set of conditions required for this | |
| autoscaler to scale its target, and indicates whether or not those | |
| conditions are met. | |
| items: | |
| description: VerticalPodAutoscalerCondition describes the state | |
| of a VerticalPodAutoscaler at a certain point. | |
| properties: | |
| lastTransitionTime: | |
| description: lastTransitionTime is the last time the condition | |
| transitioned from one status to another | |
| format: date-time | |
| type: string | |
| message: | |
| description: message is a human-readable explanation containing | |
| details about the transition | |
| type: string | |
| reason: | |
| description: reason is the reason for the condition's last | |
| transition. | |
| type: string | |
| status: | |
| description: status is the status of the condition (True, | |
| False, Unknown) | |
| type: string | |
| type: | |
| description: type describes the current condition | |
| type: string | |
| required: | |
| - status | |
| - type | |
| type: object | |
| type: array | |
| recommendation: | |
| description: The most recently computed amount of resources recommended | |
| by the autoscaler for the controlled pods. | |
| properties: | |
| containerRecommendations: | |
| description: Resources recommended by the autoscaler for each | |
| container. | |
| items: | |
| description: RecommendedContainerResources is the recommendation | |
| of resources computed by autoscaler for a specific container. | |
| Respects the container resource policy if present in the | |
| spec. In particular the recommendation is not produced for | |
| containers with `ContainerScalingMode` set to 'Off'. | |
| properties: | |
| containerName: | |
| description: Name of the container. | |
| type: string | |
| lowerBound: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Minimum recommended amount of resources. | |
| Observes ContainerResourcePolicy. This amount is not | |
| guaranteed to be sufficient for the application to operate | |
| in a stable way, however running with less resources | |
| is likely to have significant impact on performance/availability. | |
| type: object | |
| target: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Recommended amount of resources. Observes | |
| ContainerResourcePolicy. | |
| type: object | |
| uncappedTarget: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: The most recent recommended resources target | |
| computed by the autoscaler for the controlled pods, | |
| based only on actual resource usage, not taking into | |
| account the ContainerResourcePolicy. May differ from | |
| the Recommendation if the actual resource usage causes | |
| the target to violate the ContainerResourcePolicy (lower | |
| than MinAllowed or higher that MaxAllowed). Used only | |
| as status indication, will not affect actual resource | |
| assignment. | |
| type: object | |
| upperBound: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Maximum recommended amount of resources. | |
| Observes ContainerResourcePolicy. Any resources allocated | |
| beyond this value are likely wasted. This value may | |
| be larger than the maximum amount of application is | |
| actually capable of consuming. | |
| type: object | |
| required: | |
| - target | |
| type: object | |
| type: array | |
| type: object | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| served: true | |
| storage: true | |
| subresources: {} | |
| - name: v1beta2 | |
| schema: | |
| openAPIV3Schema: | |
| description: VerticalPodAutoscaler is the configuration for a vertical pod | |
| autoscaler, which automatically manages pod resources based on historical | |
| and real time resource utilization. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: 'Specification of the behavior of the autoscaler. More | |
| info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.' | |
| properties: | |
| resourcePolicy: | |
| description: Controls how the autoscaler computes recommended resources. | |
| The resource policy may be used to set constraints on the recommendations | |
| for individual containers. If not specified, the autoscaler computes | |
| recommended resources for all containers in the pod, without additional | |
| constraints. | |
| properties: | |
| containerPolicies: | |
| description: Per-container resource policies. | |
| items: | |
| description: ContainerResourcePolicy controls how autoscaler | |
| computes the recommended resources for a specific container. | |
| properties: | |
| containerName: | |
| description: Name of the container or DefaultContainerResourcePolicy, | |
| in which case the policy is used by the containers that | |
| don't have their own policy specified. | |
| type: string | |
| maxAllowed: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Specifies the maximum amount of resources | |
| that will be recommended for the container. The default | |
| is no maximum. | |
| type: object | |
| minAllowed: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Specifies the minimal amount of resources | |
| that will be recommended for the container. The default | |
| is no minimum. | |
| type: object | |
| mode: | |
| description: Whether autoscaler is enabled for the container. | |
| The default is "Auto". | |
| enum: | |
| - Auto | |
| - "Off" | |
| type: string | |
| type: object | |
| type: array | |
| type: object | |
| targetRef: | |
| description: TargetRef points to the controller managing the set | |
| of pods for the autoscaler to control - e.g. Deployment, StatefulSet. | |
| VerticalPodAutoscaler can be targeted at controller implementing | |
| scale subresource (the pod set is retrieved from the controller's | |
| ScaleStatus) or some well known controllers (e.g. for DaemonSet | |
| the pod set is read from the controller's spec). If VerticalPodAutoscaler | |
| cannot use specified target it will report ConfigUnsupported condition. | |
| Note that VerticalPodAutoscaler does not require full implementation | |
| of scale subresource - it will not use it to modify the replica | |
| count. The only thing retrieved is a label selector matching pods | |
| grouped by the target resource. | |
| properties: | |
| apiVersion: | |
| description: API version of the referent | |
| type: string | |
| kind: | |
| description: 'Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' | |
| type: string | |
| name: | |
| description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' | |
| type: string | |
| required: | |
| - kind | |
| - name | |
| type: object | |
| updatePolicy: | |
| description: Describes the rules on how changes are applied to the | |
| pods. If not specified, all fields in the `PodUpdatePolicy` are | |
| set to their default values. | |
| properties: | |
| updateMode: | |
| description: Controls when autoscaler applies changes to the | |
| pod resources. The default is 'Auto'. | |
| enum: | |
| - "Off" | |
| - Initial | |
| - Recreate | |
| - Auto | |
| type: string | |
| type: object | |
| required: | |
| - targetRef | |
| type: object | |
| status: | |
| description: Current information about the autoscaler. | |
| properties: | |
| conditions: | |
| description: Conditions is the set of conditions required for this | |
| autoscaler to scale its target, and indicates whether or not those | |
| conditions are met. | |
| items: | |
| description: VerticalPodAutoscalerCondition describes the state | |
| of a VerticalPodAutoscaler at a certain point. | |
| properties: | |
| lastTransitionTime: | |
| description: lastTransitionTime is the last time the condition | |
| transitioned from one status to another | |
| format: date-time | |
| type: string | |
| message: | |
| description: message is a human-readable explanation containing | |
| details about the transition | |
| type: string | |
| reason: | |
| description: reason is the reason for the condition's last | |
| transition. | |
| type: string | |
| status: | |
| description: status is the status of the condition (True, | |
| False, Unknown) | |
| type: string | |
| type: | |
| description: type describes the current condition | |
| type: string | |
| required: | |
| - status | |
| - type | |
| type: object | |
| type: array | |
| recommendation: | |
| description: The most recently computed amount of resources recommended | |
| by the autoscaler for the controlled pods. | |
| properties: | |
| containerRecommendations: | |
| description: Resources recommended by the autoscaler for each | |
| container. | |
| items: | |
| description: RecommendedContainerResources is the recommendation | |
| of resources computed by autoscaler for a specific container. | |
| Respects the container resource policy if present in the | |
| spec. In particular the recommendation is not produced for | |
| containers with `ContainerScalingMode` set to 'Off'. | |
| properties: | |
| containerName: | |
| description: Name of the container. | |
| type: string | |
| lowerBound: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Minimum recommended amount of resources. | |
| Observes ContainerResourcePolicy. This amount is not | |
| guaranteed to be sufficient for the application to operate | |
| in a stable way, however running with less resources | |
| is likely to have significant impact on performance/availability. | |
| type: object | |
| target: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Recommended amount of resources. Observes | |
| ContainerResourcePolicy. | |
| type: object | |
| uncappedTarget: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: The most recent recommended resources target | |
| computed by the autoscaler for the controlled pods, | |
| based only on actual resource usage, not taking into | |
| account the ContainerResourcePolicy. May differ from | |
| the Recommendation if the actual resource usage causes | |
| the target to violate the ContainerResourcePolicy (lower | |
| than MinAllowed or higher that MaxAllowed). Used only | |
| as status indication, will not affect actual resource | |
| assignment. | |
| type: object | |
| upperBound: | |
| additionalProperties: | |
| anyOf: | |
| - type: integer | |
| - type: string | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| x-kubernetes-int-or-string: true | |
| description: Maximum recommended amount of resources. | |
| Observes ContainerResourcePolicy. Any resources allocated | |
| beyond this value are likely wasted. This value may | |
| be larger than the maximum amount of application is | |
| actually capable of consuming. | |
| type: object | |
| required: | |
| - target | |
| type: object | |
| type: array | |
| type: object | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| served: true | |
| storage: false | |
| status: | |
| acceptedNames: | |
| kind: VerticalPodAutoscaler | |
| listKind: VerticalPodAutoscalerList | |
| plural: verticalpodautoscalers | |
| shortNames: | |
| - vpa | |
| singular: verticalpodautoscaler | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:19:03Z" | |
| message: approved in https://github.com/kubernetes/kubernetes/pull/63797 | |
| reason: ApprovedAnnotation | |
| status: "True" | |
| type: KubernetesAPIApprovalPolicyConformant | |
| - lastTransitionTime: "2022-11-16T06:19:03Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:19:03Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 | |
| components.gke.io/component-name: snapshot-controller | |
| components.gke.io/component-version: 0.6.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.4.0 | |
| creationTimestamp: "2022-11-16T06:18:56Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: volumesnapshotclasses.snapshot.storage.k8s.io | |
| resourceVersion: "1134" | |
| uid: 10bb79da-0d5b-4fce-9b20-f6d90cfabb53 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: snapshot.storage.k8s.io | |
| names: | |
| kind: VolumeSnapshotClass | |
| listKind: VolumeSnapshotClassList | |
| plural: volumesnapshotclasses | |
| singular: volumesnapshotclass | |
| scope: Cluster | |
| versions: | |
| - additionalPrinterColumns: | |
| - jsonPath: .driver | |
| name: Driver | |
| type: string | |
| - description: Determines whether a VolumeSnapshotContent created through the | |
| VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. | |
| jsonPath: .deletionPolicy | |
| name: DeletionPolicy | |
| type: string | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: VolumeSnapshotClass specifies parameters that a underlying | |
| storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass | |
| is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses | |
| are non-namespaced | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| deletionPolicy: | |
| description: deletionPolicy determines whether a VolumeSnapshotContent | |
| created through the VolumeSnapshotClass should be deleted when its | |
| bound VolumeSnapshot is deleted. Supported values are "Retain" and | |
| "Delete". "Retain" means that the VolumeSnapshotContent and its physical | |
| snapshot on underlying storage system are kept. "Delete" means that | |
| the VolumeSnapshotContent and its physical snapshot on underlying | |
| storage system are deleted. Required. | |
| enum: | |
| - Delete | |
| - Retain | |
| type: string | |
| driver: | |
| description: driver is the name of the storage driver that handles this | |
| VolumeSnapshotClass. Required. | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| parameters: | |
| additionalProperties: | |
| type: string | |
| description: parameters is a key-value map with storage driver specific | |
| parameters for creating snapshots. These values are opaque to Kubernetes. | |
| type: object | |
| required: | |
| - deletionPolicy | |
| - driver | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: {} | |
| - additionalPrinterColumns: | |
| - jsonPath: .driver | |
| name: Driver | |
| type: string | |
| - description: Determines whether a VolumeSnapshotContent created through the | |
| VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. | |
| jsonPath: .deletionPolicy | |
| name: DeletionPolicy | |
| type: string | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| deprecated: true | |
| deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotClass is deprecated; | |
| use snapshot.storage.k8s.io/v1 VolumeSnapshotClass | |
| name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| description: VolumeSnapshotClass specifies parameters that a underlying | |
| storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass | |
| is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses | |
| are non-namespaced | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| deletionPolicy: | |
| description: deletionPolicy determines whether a VolumeSnapshotContent | |
| created through the VolumeSnapshotClass should be deleted when its | |
| bound VolumeSnapshot is deleted. Supported values are "Retain" and | |
| "Delete". "Retain" means that the VolumeSnapshotContent and its physical | |
| snapshot on underlying storage system are kept. "Delete" means that | |
| the VolumeSnapshotContent and its physical snapshot on underlying | |
| storage system are deleted. Required. | |
| enum: | |
| - Delete | |
| - Retain | |
| type: string | |
| driver: | |
| description: driver is the name of the storage driver that handles this | |
| VolumeSnapshotClass. Required. | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| parameters: | |
| additionalProperties: | |
| type: string | |
| description: parameters is a key-value map with storage driver specific | |
| parameters for creating snapshots. These values are opaque to Kubernetes. | |
| type: object | |
| required: | |
| - deletionPolicy | |
| - driver | |
| type: object | |
| served: true | |
| storage: false | |
| subresources: {} | |
| status: | |
| acceptedNames: | |
| kind: VolumeSnapshotClass | |
| listKind: VolumeSnapshotClassList | |
| plural: volumesnapshotclasses | |
| singular: volumesnapshotclass | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:56Z" | |
| message: approved in https://github.com/kubernetes-csi/external-snapshotter/pull/419 | |
| reason: ApprovedAnnotation | |
| status: "True" | |
| type: KubernetesAPIApprovalPolicyConformant | |
| - lastTransitionTime: "2022-11-16T06:18:56Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:56Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 | |
| components.gke.io/component-name: snapshot-controller | |
| components.gke.io/component-version: 0.6.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.4.0 | |
| creationTimestamp: "2022-11-16T06:18:57Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: volumesnapshotcontents.snapshot.storage.k8s.io | |
| resourceVersion: "1142" | |
| uid: 3d9ca1a4-370a-4c26-83b3-672d60b02131 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: snapshot.storage.k8s.io | |
| names: | |
| kind: VolumeSnapshotContent | |
| listKind: VolumeSnapshotContentList | |
| plural: volumesnapshotcontents | |
| singular: volumesnapshotcontent | |
| scope: Cluster | |
| versions: | |
| - additionalPrinterColumns: | |
| - description: Indicates if the snapshot is ready to be used to restore a volume. | |
| jsonPath: .status.readyToUse | |
| name: ReadyToUse | |
| type: boolean | |
| - description: Represents the complete size of the snapshot in bytes | |
| jsonPath: .status.restoreSize | |
| name: RestoreSize | |
| type: integer | |
| - description: Determines whether this VolumeSnapshotContent and its physical | |
| snapshot on the underlying storage system should be deleted when its bound | |
| VolumeSnapshot is deleted. | |
| jsonPath: .spec.deletionPolicy | |
| name: DeletionPolicy | |
| type: string | |
| - description: Name of the CSI driver used to create the physical snapshot on | |
| the underlying storage system. | |
| jsonPath: .spec.driver | |
| name: Driver | |
| type: string | |
| - description: Name of the VolumeSnapshotClass to which this snapshot belongs. | |
| jsonPath: .spec.volumeSnapshotClassName | |
| name: VolumeSnapshotClass | |
| type: string | |
| - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent | |
| object is bound. | |
| jsonPath: .spec.volumeSnapshotRef.name | |
| name: VolumeSnapshot | |
| type: string | |
| - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent | |
| object is bound. | |
| jsonPath: .spec.volumeSnapshotRef.namespace | |
| name: VolumeSnapshotNamespace | |
| type: string | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: VolumeSnapshotContent represents the actual "on-disk" snapshot | |
| object in the underlying storage system | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| spec: | |
| description: spec defines properties of a VolumeSnapshotContent created | |
| by the underlying storage system. Required. | |
| properties: | |
| deletionPolicy: | |
| description: deletionPolicy determines whether this VolumeSnapshotContent | |
| and its physical snapshot on the underlying storage system should | |
| be deleted when its bound VolumeSnapshot is deleted. Supported | |
| values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent | |
| and its physical snapshot on underlying storage system are kept. | |
| "Delete" means that the VolumeSnapshotContent and its physical | |
| snapshot on underlying storage system are deleted. For dynamically | |
| provisioned snapshots, this field will automatically be filled | |
| in by the CSI snapshotter sidecar with the "DeletionPolicy" field | |
| defined in the corresponding VolumeSnapshotClass. For pre-existing | |
| snapshots, users MUST specify this field when creating the VolumeSnapshotContent | |
| object. Required. | |
| enum: | |
| - Delete | |
| - Retain | |
| type: string | |
| driver: | |
| description: driver is the name of the CSI driver used to create | |
| the physical snapshot on the underlying storage system. This MUST | |
| be the same as the name returned by the CSI GetPluginName() call | |
| for that driver. Required. | |
| type: string | |
| source: | |
| description: source specifies whether the snapshot is (or should | |
| be) dynamically provisioned or already exists, and just requires | |
| a Kubernetes object representation. This field is immutable after | |
| creation. Required. | |
| oneOf: | |
| - required: | |
| - snapshotHandle | |
| - required: | |
| - volumeHandle | |
| properties: | |
| snapshotHandle: | |
| description: snapshotHandle specifies the CSI "snapshot_id" | |
| of a pre-existing snapshot on the underlying storage system | |
| for which a Kubernetes object representation was (or should | |
| be) created. This field is immutable. | |
| type: string | |
| volumeHandle: | |
| description: volumeHandle specifies the CSI "volume_id" of the | |
| volume from which a snapshot should be dynamically taken from. | |
| This field is immutable. | |
| type: string | |
| type: object | |
| volumeSnapshotClassName: | |
| description: name of the VolumeSnapshotClass from which this snapshot | |
| was (or will be) created. Note that after provisioning, the VolumeSnapshotClass | |
| may be deleted or recreated with different set of values, and | |
| as such, should not be referenced post-snapshot creation. | |
| type: string | |
| volumeSnapshotRef: | |
| description: volumeSnapshotRef specifies the VolumeSnapshot object | |
| to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName | |
| field must reference to this VolumeSnapshotContent's name for | |
| the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent | |
| object, name and namespace of the VolumeSnapshot object MUST be | |
| provided for binding to happen. This field is immutable after | |
| creation. Required. | |
| properties: | |
| apiVersion: | |
| description: API version of the referent. | |
| type: string | |
| fieldPath: | |
| description: 'If referring to a piece of an object instead of | |
| an entire object, this string should contain a valid JSON/Go | |
| field access statement, such as desiredState.manifest.containers[2]. | |
| For example, if the object reference is to a container within | |
| a pod, this would take on a value like: "spec.containers{name}" | |
| (where "name" refers to the name of the container that triggered | |
| the event) or if no container name is specified "spec.containers[2]" | |
| (container with index 2 in this pod). This syntax is chosen | |
| only to have some well-defined way of referencing a part of | |
| an object. TODO: this design is not final and this field is | |
| subject to change in the future.' | |
| type: string | |
| kind: | |
| description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' | |
| type: string | |
| namespace: | |
| description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' | |
| type: string | |
| resourceVersion: | |
| description: 'Specific resourceVersion to which this reference | |
| is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' | |
| type: string | |
| uid: | |
| description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' | |
| type: string | |
| type: object | |
| required: | |
| - deletionPolicy | |
| - driver | |
| - source | |
| - volumeSnapshotRef | |
| type: object | |
| status: | |
| description: status represents the current information of a snapshot. | |
| properties: | |
| creationTime: | |
| description: creationTime is the timestamp when the point-in-time | |
| snapshot is taken by the underlying storage system. In dynamic | |
| snapshot creation case, this field will be filled in by the CSI | |
| snapshotter sidecar with the "creation_time" value returned from | |
| CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this | |
| field will be filled with the "creation_time" value returned from | |
| the CSI "ListSnapshots" gRPC call if the driver supports it. If | |
| not specified, it indicates the creation time is unknown. The | |
| format of this field is a Unix nanoseconds time encoded as an | |
| int64. On Unix, the command `date +%s%N` returns the current time | |
| in nanoseconds since 1970-01-01 00:00:00 UTC. | |
| format: int64 | |
| type: integer | |
| error: | |
| description: error is the last observed error during snapshot creation, | |
| if any. Upon success after retry, this error field will be cleared. | |
| properties: | |
| message: | |
| description: 'message is a string detailing the encountered | |
| error during snapshot creation if specified. NOTE: message | |
| may be logged, and it should not contain sensitive information.' | |
| type: string | |
| time: | |
| description: time is the timestamp when the error was encountered. | |
| format: date-time | |
| type: string | |
| type: object | |
| readyToUse: | |
| description: readyToUse indicates if a snapshot is ready to be used | |
| to restore a volume. In dynamic snapshot creation case, this field | |
| will be filled in by the CSI snapshotter sidecar with the "ready_to_use" | |
| value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing | |
| snapshot, this field will be filled with the "ready_to_use" value | |
| returned from the CSI "ListSnapshots" gRPC call if the driver | |
| supports it, otherwise, this field will be set to "True". If not | |
| specified, it means the readiness of a snapshot is unknown. | |
| type: boolean | |
| restoreSize: | |
| description: restoreSize represents the complete size of the snapshot | |
| in bytes. In dynamic snapshot creation case, this field will be | |
| filled in by the CSI snapshotter sidecar with the "size_bytes" | |
| value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing | |
| snapshot, this field will be filled with the "size_bytes" value | |
| returned from the CSI "ListSnapshots" gRPC call if the driver | |
| supports it. When restoring a volume from this snapshot, the size | |
| of the volume MUST NOT be smaller than the restoreSize if it is | |
| specified, otherwise the restoration will fail. If not specified, | |
| it indicates that the size is unknown. | |
| format: int64 | |
| minimum: 0 | |
| type: integer | |
| snapshotHandle: | |
| description: snapshotHandle is the CSI "snapshot_id" of a snapshot | |
| on the underlying storage system. If not specified, it indicates | |
| that dynamic snapshot creation has either failed or it is still | |
| in progress. | |
| type: string | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| - additionalPrinterColumns: | |
| - description: Indicates if the snapshot is ready to be used to restore a volume. | |
| jsonPath: .status.readyToUse | |
| name: ReadyToUse | |
| type: boolean | |
| - description: Represents the complete size of the snapshot in bytes | |
| jsonPath: .status.restoreSize | |
| name: RestoreSize | |
| type: integer | |
| - description: Determines whether this VolumeSnapshotContent and its physical | |
| snapshot on the underlying storage system should be deleted when its bound | |
| VolumeSnapshot is deleted. | |
| jsonPath: .spec.deletionPolicy | |
| name: DeletionPolicy | |
| type: string | |
| - description: Name of the CSI driver used to create the physical snapshot on | |
| the underlying storage system. | |
| jsonPath: .spec.driver | |
| name: Driver | |
| type: string | |
| - description: Name of the VolumeSnapshotClass to which this snapshot belongs. | |
| jsonPath: .spec.volumeSnapshotClassName | |
| name: VolumeSnapshotClass | |
| type: string | |
| - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent | |
| object is bound. | |
| jsonPath: .spec.volumeSnapshotRef.name | |
| name: VolumeSnapshot | |
| type: string | |
| - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent | |
| object is bound. | |
| jsonPath: .spec.volumeSnapshotRef.namespace | |
| name: VolumeSnapshotNamespace | |
| type: string | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| deprecated: true | |
| deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotContent is | |
| deprecated; use snapshot.storage.k8s.io/v1 VolumeSnapshotContent | |
| name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| description: VolumeSnapshotContent represents the actual "on-disk" snapshot | |
| object in the underlying storage system | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| spec: | |
| description: spec defines properties of a VolumeSnapshotContent created | |
| by the underlying storage system. Required. | |
| properties: | |
| deletionPolicy: | |
| description: deletionPolicy determines whether this VolumeSnapshotContent | |
| and its physical snapshot on the underlying storage system should | |
| be deleted when its bound VolumeSnapshot is deleted. Supported | |
| values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent | |
| and its physical snapshot on underlying storage system are kept. | |
| "Delete" means that the VolumeSnapshotContent and its physical | |
| snapshot on underlying storage system are deleted. For dynamically | |
| provisioned snapshots, this field will automatically be filled | |
| in by the CSI snapshotter sidecar with the "DeletionPolicy" field | |
| defined in the corresponding VolumeSnapshotClass. For pre-existing | |
| snapshots, users MUST specify this field when creating the VolumeSnapshotContent | |
| object. Required. | |
| enum: | |
| - Delete | |
| - Retain | |
| type: string | |
| driver: | |
| description: driver is the name of the CSI driver used to create | |
| the physical snapshot on the underlying storage system. This MUST | |
| be the same as the name returned by the CSI GetPluginName() call | |
| for that driver. Required. | |
| type: string | |
| source: | |
| description: source specifies whether the snapshot is (or should | |
| be) dynamically provisioned or already exists, and just requires | |
| a Kubernetes object representation. This field is immutable after | |
| creation. Required. | |
| properties: | |
| snapshotHandle: | |
| description: snapshotHandle specifies the CSI "snapshot_id" | |
| of a pre-existing snapshot on the underlying storage system | |
| for which a Kubernetes object representation was (or should | |
| be) created. This field is immutable. | |
| type: string | |
| volumeHandle: | |
| description: volumeHandle specifies the CSI "volume_id" of the | |
| volume from which a snapshot should be dynamically taken from. | |
| This field is immutable. | |
| type: string | |
| type: object | |
| volumeSnapshotClassName: | |
| description: name of the VolumeSnapshotClass from which this snapshot | |
| was (or will be) created. Note that after provisioning, the VolumeSnapshotClass | |
| may be deleted or recreated with different set of values, and | |
| as such, should not be referenced post-snapshot creation. | |
| type: string | |
| volumeSnapshotRef: | |
| description: volumeSnapshotRef specifies the VolumeSnapshot object | |
| to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName | |
| field must reference to this VolumeSnapshotContent's name for | |
| the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent | |
| object, name and namespace of the VolumeSnapshot object MUST be | |
| provided for binding to happen. This field is immutable after | |
| creation. Required. | |
| properties: | |
| apiVersion: | |
| description: API version of the referent. | |
| type: string | |
| fieldPath: | |
| description: 'If referring to a piece of an object instead of | |
| an entire object, this string should contain a valid JSON/Go | |
| field access statement, such as desiredState.manifest.containers[2]. | |
| For example, if the object reference is to a container within | |
| a pod, this would take on a value like: "spec.containers{name}" | |
| (where "name" refers to the name of the container that triggered | |
| the event) or if no container name is specified "spec.containers[2]" | |
| (container with index 2 in this pod). This syntax is chosen | |
| only to have some well-defined way of referencing a part of | |
| an object. TODO: this design is not final and this field is | |
| subject to change in the future.' | |
| type: string | |
| kind: | |
| description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| name: | |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' | |
| type: string | |
| namespace: | |
| description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' | |
| type: string | |
| resourceVersion: | |
| description: 'Specific resourceVersion to which this reference | |
| is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' | |
| type: string | |
| uid: | |
| description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' | |
| type: string | |
| type: object | |
| required: | |
| - deletionPolicy | |
| - driver | |
| - source | |
| - volumeSnapshotRef | |
| type: object | |
| status: | |
| description: status represents the current information of a snapshot. | |
| properties: | |
| creationTime: | |
| description: creationTime is the timestamp when the point-in-time | |
| snapshot is taken by the underlying storage system. In dynamic | |
| snapshot creation case, this field will be filled in by the CSI | |
| snapshotter sidecar with the "creation_time" value returned from | |
| CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this | |
| field will be filled with the "creation_time" value returned from | |
| the CSI "ListSnapshots" gRPC call if the driver supports it. If | |
| not specified, it indicates the creation time is unknown. The | |
| format of this field is a Unix nanoseconds time encoded as an | |
| int64. On Unix, the command `date +%s%N` returns the current time | |
| in nanoseconds since 1970-01-01 00:00:00 UTC. | |
| format: int64 | |
| type: integer | |
| error: | |
| description: error is the last observed error during snapshot creation, | |
| if any. Upon success after retry, this error field will be cleared. | |
| properties: | |
| message: | |
| description: 'message is a string detailing the encountered | |
| error during snapshot creation if specified. NOTE: message | |
| may be logged, and it should not contain sensitive information.' | |
| type: string | |
| time: | |
| description: time is the timestamp when the error was encountered. | |
| format: date-time | |
| type: string | |
| type: object | |
| readyToUse: | |
| description: readyToUse indicates if a snapshot is ready to be used | |
| to restore a volume. In dynamic snapshot creation case, this field | |
| will be filled in by the CSI snapshotter sidecar with the "ready_to_use" | |
| value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing | |
| snapshot, this field will be filled with the "ready_to_use" value | |
| returned from the CSI "ListSnapshots" gRPC call if the driver | |
| supports it, otherwise, this field will be set to "True". If not | |
| specified, it means the readiness of a snapshot is unknown. | |
| type: boolean | |
| restoreSize: | |
| description: restoreSize represents the complete size of the snapshot | |
| in bytes. In dynamic snapshot creation case, this field will be | |
| filled in by the CSI snapshotter sidecar with the "size_bytes" | |
| value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing | |
| snapshot, this field will be filled with the "size_bytes" value | |
| returned from the CSI "ListSnapshots" gRPC call if the driver | |
| supports it. When restoring a volume from this snapshot, the size | |
| of the volume MUST NOT be smaller than the restoreSize if it is | |
| specified, otherwise the restoration will fail. If not specified, | |
| it indicates that the size is unknown. | |
| format: int64 | |
| minimum: 0 | |
| type: integer | |
| snapshotHandle: | |
| description: snapshotHandle is the CSI "snapshot_id" of a snapshot | |
| on the underlying storage system. If not specified, it indicates | |
| that dynamic snapshot creation has either failed or it is still | |
| in progress. | |
| type: string | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: false | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: VolumeSnapshotContent | |
| listKind: VolumeSnapshotContentList | |
| plural: volumesnapshotcontents | |
| singular: volumesnapshotcontent | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:57Z" | |
| message: approved in https://github.com/kubernetes-csi/external-snapshotter/pull/419 | |
| reason: ApprovedAnnotation | |
| status: "True" | |
| type: KubernetesAPIApprovalPolicyConformant | |
| - lastTransitionTime: "2022-11-16T06:18:57Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:57Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| storedVersions: | |
| - v1 | |
| - apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 | |
| components.gke.io/component-name: snapshot-controller | |
| components.gke.io/component-version: 0.6.1 | |
| components.gke.io/layer: addon | |
| controller-gen.kubebuilder.io/version: v0.4.0 | |
| creationTimestamp: "2022-11-16T06:18:57Z" | |
| generation: 1 | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| name: volumesnapshots.snapshot.storage.k8s.io | |
| resourceVersion: "1146" | |
| uid: 433ebc7b-8246-44f4-8691-f40261436011 | |
| spec: | |
| conversion: | |
| strategy: None | |
| group: snapshot.storage.k8s.io | |
| names: | |
| kind: VolumeSnapshot | |
| listKind: VolumeSnapshotList | |
| plural: volumesnapshots | |
| singular: volumesnapshot | |
| scope: Namespaced | |
| versions: | |
| - additionalPrinterColumns: | |
| - description: Indicates if the snapshot is ready to be used to restore a volume. | |
| jsonPath: .status.readyToUse | |
| name: ReadyToUse | |
| type: boolean | |
| - description: If a new snapshot needs to be created, this contains the name | |
| of the source PVC from which this snapshot was (or will be) created. | |
| jsonPath: .spec.source.persistentVolumeClaimName | |
| name: SourcePVC | |
| type: string | |
| - description: If a snapshot already exists, this contains the name of the existing | |
| VolumeSnapshotContent object representing the existing snapshot. | |
| jsonPath: .spec.source.volumeSnapshotContentName | |
| name: SourceSnapshotContent | |
| type: string | |
| - description: Represents the minimum size of volume required to rehydrate from | |
| this snapshot. | |
| jsonPath: .status.restoreSize | |
| name: RestoreSize | |
| type: string | |
| - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. | |
| jsonPath: .spec.volumeSnapshotClassName | |
| name: SnapshotClass | |
| type: string | |
| - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot | |
| object intends to bind to. Please note that verification of binding actually | |
| requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure | |
| both are pointing at each other. Binding MUST be verified prior to usage | |
| of this object. | |
| jsonPath: .status.boundVolumeSnapshotContentName | |
| name: SnapshotContent | |
| type: string | |
| - description: Timestamp when the point-in-time snapshot was taken by the underlying | |
| storage system. | |
| jsonPath: .status.creationTime | |
| name: CreationTime | |
| type: date | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| name: v1 | |
| schema: | |
| openAPIV3Schema: | |
| description: VolumeSnapshot is a user's request for either creating a point-in-time | |
| snapshot of a persistent volume, or binding to a pre-existing snapshot. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| spec: | |
| description: 'spec defines the desired characteristics of a snapshot | |
| requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots | |
| Required.' | |
| properties: | |
| source: | |
| description: source specifies where a snapshot will be created from. | |
| This field is immutable after creation. Required. | |
| oneOf: | |
| - required: | |
| - persistentVolumeClaimName | |
| - required: | |
| - volumeSnapshotContentName | |
| properties: | |
| persistentVolumeClaimName: | |
| description: persistentVolumeClaimName specifies the name of | |
| the PersistentVolumeClaim object representing the volume from | |
| which a snapshot should be created. This PVC is assumed to | |
| be in the same namespace as the VolumeSnapshot object. This | |
| field should be set if the snapshot does not exists, and needs | |
| to be created. This field is immutable. | |
| type: string | |
| volumeSnapshotContentName: | |
| description: volumeSnapshotContentName specifies the name of | |
| a pre-existing VolumeSnapshotContent object representing an | |
| existing volume snapshot. This field should be set if the | |
| snapshot already exists and only needs a representation in | |
| Kubernetes. This field is immutable. | |
| type: string | |
| type: object | |
| volumeSnapshotClassName: | |
| description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass | |
| requested by the VolumeSnapshot. VolumeSnapshotClassName may be | |
| left nil to indicate that the default SnapshotClass should be | |
| used. A given cluster may have multiple default Volume SnapshotClasses: | |
| one default per CSI Driver. If a VolumeSnapshot does not specify | |
| a SnapshotClass, VolumeSnapshotSource will be checked to figure | |
| out what the associated CSI Driver is, and the default VolumeSnapshotClass | |
| associated with that CSI Driver will be used. If more than one | |
| VolumeSnapshotClass exist for a given CSI Driver and more than | |
| one have been marked as default, CreateSnapshot will fail and | |
| generate an event. Empty string is not allowed for this field.' | |
| type: string | |
| required: | |
| - source | |
| type: object | |
| status: | |
| description: status represents the current information of a snapshot. | |
| Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent | |
| objects is successful (by validating that both VolumeSnapshot and | |
| VolumeSnapshotContent point at each other) before using this object. | |
| properties: | |
| boundVolumeSnapshotContentName: | |
| description: 'boundVolumeSnapshotContentName is the name of the | |
| VolumeSnapshotContent object to which this VolumeSnapshot object | |
| intends to bind to. If not specified, it indicates that the VolumeSnapshot | |
| object has not been successfully bound to a VolumeSnapshotContent | |
| object yet. NOTE: To avoid possible security issues, consumers | |
| must verify binding between VolumeSnapshot and VolumeSnapshotContent | |
| objects is successful (by validating that both VolumeSnapshot | |
| and VolumeSnapshotContent point at each other) before using this | |
| object.' | |
| type: string | |
| creationTime: | |
| description: creationTime is the timestamp when the point-in-time | |
| snapshot is taken by the underlying storage system. In dynamic | |
| snapshot creation case, this field will be filled in by the snapshot | |
| controller with the "creation_time" value returned from CSI "CreateSnapshot" | |
| gRPC call. For a pre-existing snapshot, this field will be filled | |
| with the "creation_time" value returned from the CSI "ListSnapshots" | |
| gRPC call if the driver supports it. If not specified, it may | |
| indicate that the creation time of the snapshot is unknown. | |
| format: date-time | |
| type: string | |
| error: | |
| description: error is the last observed error during snapshot creation, | |
| if any. This field could be helpful to upper level controllers(i.e., | |
| application controller) to decide whether they should continue | |
| on waiting for the snapshot to be created based on the type of | |
| error reported. The snapshot controller will keep retrying when | |
| an error occurrs during the snapshot creation. Upon success, this | |
| error field will be cleared. | |
| properties: | |
| message: | |
| description: 'message is a string detailing the encountered | |
| error during snapshot creation if specified. NOTE: message | |
| may be logged, and it should not contain sensitive information.' | |
| type: string | |
| time: | |
| description: time is the timestamp when the error was encountered. | |
| format: date-time | |
| type: string | |
| type: object | |
| readyToUse: | |
| description: readyToUse indicates if the snapshot is ready to be | |
| used to restore a volume. In dynamic snapshot creation case, this | |
| field will be filled in by the snapshot controller with the "ready_to_use" | |
| value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing | |
| snapshot, this field will be filled with the "ready_to_use" value | |
| returned from the CSI "ListSnapshots" gRPC call if the driver | |
| supports it, otherwise, this field will be set to "True". If not | |
| specified, it means the readiness of a snapshot is unknown. | |
| type: boolean | |
| restoreSize: | |
| description: restoreSize represents the minimum size of volume required | |
| to create a volume from this snapshot. In dynamic snapshot creation | |
| case, this field will be filled in by the snapshot controller | |
| with the "size_bytes" value returned from CSI "CreateSnapshot" | |
| gRPC call. For a pre-existing snapshot, this field will be filled | |
| with the "size_bytes" value returned from the CSI "ListSnapshots" | |
| gRPC call if the driver supports it. When restoring a volume from | |
| this snapshot, the size of the volume MUST NOT be smaller than | |
| the restoreSize if it is specified, otherwise the restoration | |
| will fail. If not specified, it indicates that the size is unknown. | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| type: string | |
| x-kubernetes-int-or-string: true | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| - additionalPrinterColumns: | |
| - description: Indicates if the snapshot is ready to be used to restore a volume. | |
| jsonPath: .status.readyToUse | |
| name: ReadyToUse | |
| type: boolean | |
| - description: If a new snapshot needs to be created, this contains the name | |
| of the source PVC from which this snapshot was (or will be) created. | |
| jsonPath: .spec.source.persistentVolumeClaimName | |
| name: SourcePVC | |
| type: string | |
| - description: If a snapshot already exists, this contains the name of the existing | |
| VolumeSnapshotContent object representing the existing snapshot. | |
| jsonPath: .spec.source.volumeSnapshotContentName | |
| name: SourceSnapshotContent | |
| type: string | |
| - description: Represents the minimum size of volume required to rehydrate from | |
| this snapshot. | |
| jsonPath: .status.restoreSize | |
| name: RestoreSize | |
| type: string | |
| - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. | |
| jsonPath: .spec.volumeSnapshotClassName | |
| name: SnapshotClass | |
| type: string | |
| - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot | |
| object intends to bind to. Please note that verification of binding actually | |
| requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure | |
| both are pointing at each other. Binding MUST be verified prior to usage | |
| of this object. | |
| jsonPath: .status.boundVolumeSnapshotContentName | |
| name: SnapshotContent | |
| type: string | |
| - description: Timestamp when the point-in-time snapshot was taken by the underlying | |
| storage system. | |
| jsonPath: .status.creationTime | |
| name: CreationTime | |
| type: date | |
| - jsonPath: .metadata.creationTimestamp | |
| name: Age | |
| type: date | |
| deprecated: true | |
| deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshot is deprecated; | |
| use snapshot.storage.k8s.io/v1 VolumeSnapshot | |
| name: v1beta1 | |
| schema: | |
| openAPIV3Schema: | |
| description: VolumeSnapshot is a user's request for either creating a point-in-time | |
| snapshot of a persistent volume, or binding to a pre-existing snapshot. | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation | |
| of an object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource | |
| this object represents. Servers may infer this from the endpoint the | |
| client submits requests to. Cannot be updated. In CamelCase. More | |
| info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| spec: | |
| description: 'spec defines the desired characteristics of a snapshot | |
| requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots | |
| Required.' | |
| properties: | |
| source: | |
| description: source specifies where a snapshot will be created from. | |
| This field is immutable after creation. Required. | |
| properties: | |
| persistentVolumeClaimName: | |
| description: persistentVolumeClaimName specifies the name of | |
| the PersistentVolumeClaim object representing the volume from | |
| which a snapshot should be created. This PVC is assumed to | |
| be in the same namespace as the VolumeSnapshot object. This | |
| field should be set if the snapshot does not exists, and needs | |
| to be created. This field is immutable. | |
| type: string | |
| volumeSnapshotContentName: | |
| description: volumeSnapshotContentName specifies the name of | |
| a pre-existing VolumeSnapshotContent object representing an | |
| existing volume snapshot. This field should be set if the | |
| snapshot already exists and only needs a representation in | |
| Kubernetes. This field is immutable. | |
| type: string | |
| type: object | |
| volumeSnapshotClassName: | |
| description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass | |
| requested by the VolumeSnapshot. VolumeSnapshotClassName may be | |
| left nil to indicate that the default SnapshotClass should be | |
| used. A given cluster may have multiple default Volume SnapshotClasses: | |
| one default per CSI Driver. If a VolumeSnapshot does not specify | |
| a SnapshotClass, VolumeSnapshotSource will be checked to figure | |
| out what the associated CSI Driver is, and the default VolumeSnapshotClass | |
| associated with that CSI Driver will be used. If more than one | |
| VolumeSnapshotClass exist for a given CSI Driver and more than | |
| one have been marked as default, CreateSnapshot will fail and | |
| generate an event. Empty string is not allowed for this field.' | |
| type: string | |
| required: | |
| - source | |
| type: object | |
| status: | |
| description: status represents the current information of a snapshot. | |
| Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent | |
| objects is successful (by validating that both VolumeSnapshot and | |
| VolumeSnapshotContent point at each other) before using this object. | |
| properties: | |
| boundVolumeSnapshotContentName: | |
| description: 'boundVolumeSnapshotContentName is the name of the | |
| VolumeSnapshotContent object to which this VolumeSnapshot object | |
| intends to bind to. If not specified, it indicates that the VolumeSnapshot | |
| object has not been successfully bound to a VolumeSnapshotContent | |
| object yet. NOTE: To avoid possible security issues, consumers | |
| must verify binding between VolumeSnapshot and VolumeSnapshotContent | |
| objects is successful (by validating that both VolumeSnapshot | |
| and VolumeSnapshotContent point at each other) before using this | |
| object.' | |
| type: string | |
| creationTime: | |
| description: creationTime is the timestamp when the point-in-time | |
| snapshot is taken by the underlying storage system. In dynamic | |
| snapshot creation case, this field will be filled in by the snapshot | |
| controller with the "creation_time" value returned from CSI "CreateSnapshot" | |
| gRPC call. For a pre-existing snapshot, this field will be filled | |
| with the "creation_time" value returned from the CSI "ListSnapshots" | |
| gRPC call if the driver supports it. If not specified, it may | |
| indicate that the creation time of the snapshot is unknown. | |
| format: date-time | |
| type: string | |
| error: | |
| description: error is the last observed error during snapshot creation, | |
| if any. This field could be helpful to upper level controllers(i.e., | |
| application controller) to decide whether they should continue | |
| on waiting for the snapshot to be created based on the type of | |
| error reported. The snapshot controller will keep retrying when | |
| an error occurrs during the snapshot creation. Upon success, this | |
| error field will be cleared. | |
| properties: | |
| message: | |
| description: 'message is a string detailing the encountered | |
| error during snapshot creation if specified. NOTE: message | |
| may be logged, and it should not contain sensitive information.' | |
| type: string | |
| time: | |
| description: time is the timestamp when the error was encountered. | |
| format: date-time | |
| type: string | |
| type: object | |
| readyToUse: | |
| description: readyToUse indicates if the snapshot is ready to be | |
| used to restore a volume. In dynamic snapshot creation case, this | |
| field will be filled in by the snapshot controller with the "ready_to_use" | |
| value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing | |
| snapshot, this field will be filled with the "ready_to_use" value | |
| returned from the CSI "ListSnapshots" gRPC call if the driver | |
| supports it, otherwise, this field will be set to "True". If not | |
| specified, it means the readiness of a snapshot is unknown. | |
| type: boolean | |
| restoreSize: | |
| description: restoreSize represents the minimum size of volume required | |
| to create a volume from this snapshot. In dynamic snapshot creation | |
| case, this field will be filled in by the snapshot controller | |
| with the "size_bytes" value returned from CSI "CreateSnapshot" | |
| gRPC call. For a pre-existing snapshot, this field will be filled | |
| with the "size_bytes" value returned from the CSI "ListSnapshots" | |
| gRPC call if the driver supports it. When restoring a volume from | |
| this snapshot, the size of the volume MUST NOT be smaller than | |
| the restoreSize if it is specified, otherwise the restoration | |
| will fail. If not specified, it indicates that the size is unknown. | |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ | |
| type: string | |
| x-kubernetes-int-or-string: true | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| served: true | |
| storage: false | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: VolumeSnapshot | |
| listKind: VolumeSnapshotList | |
| plural: volumesnapshots | |
| singular: volumesnapshot | |
| conditions: | |
| - lastTransitionTime: "2022-11-16T06:18:57Z" | |
| message: no conflicts found | |
| reason: NoConflicts | |
| status: "True" | |
| type: NamesAccepted | |
| - lastTransitionTime: "2022-11-16T06:18:57Z" | |
| message: the initial names have been accepted | |
| reason: InitialNamesAccepted | |
| status: "True" | |
| type: Established | |
| - lastTransitionTime: "2022-11-16T06:18:57Z" | |
| message: approved in https://github.com/kubernetes-csi/external-snapshotter/pull/419 | |
| reason: ApprovedAnnotation | |
| status: "True" | |
| type: KubernetesAPIApprovalPolicyConformant | |
| storedVersions: | |
| - v1 | |
| kind: List | |
| metadata: | |
| resourceVersion: "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment