k-space/kube
10
1
Fork 3
Code Issues 31 Pull Requests Activity
9223c956c0
kube/cnpg-system/application.yml
Lauri Võsandi d419ac56e1 Add CloudNativePG
2023-08-16 10:29:09 +03:00

13216 lines
784 KiB
YAML
Raw Blame History

apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/name: cloudnative-pg
name: cnpg-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: backups.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: Backup
listKind: BackupList
plural: backups
singular: backup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.cluster.name
name: Cluster
type: string
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .status.error
name: Error
type: string
name: v1
schema:
openAPIV3Schema:
description: Backup is the Schema for the backups API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the desired behavior of the backup. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
cluster:
description: The cluster to backup
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
target:
description: The policy to decide which instance should perform this
backup. If empty, it defaults to `cluster.spec.backup.target`. Available
options are empty string, `primary` and `prefer-standby`. `primary`
to have backups run always on primary instances, `prefer-standby`
to have backups run preferably on the most updated standby, if available.
enum:
- primary
- prefer-standby
type: string
type: object
status:
description: 'Most recently observed status of the backup. This data may
not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
azureCredentials:
description: The credentials to use to upload data to Azure Blob Storage
properties:
connectionString:
description: The connection string to be used
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromAzureAD:
description: Use the Azure AD based authentication without providing
explicitly the keys.
type: boolean
storageAccount:
description: The storage account where to upload data
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageKey:
description: The storage account key to be used in conjunction
with the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageSasToken:
description: A shared-access-signature to be used in conjunction
with the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
backupId:
description: The ID of the Barman backup
type: string
backupName:
description: The Name of the Barman backup
type: string
beginLSN:
description: The starting xlog
type: string
beginWal:
description: The starting WAL
type: string
commandError:
description: The backup command output in case of error
type: string
commandOutput:
description: Unused. Retained for compatibility with old versions.
type: string
destinationPath:
description: The path where to store the backup (i.e. s3://bucket/path/to/folder)
this path, with different destination folders, will be used for
WALs and for data. This may not be populated in case of errors.
type: string
encryption:
description: Encryption method required to S3 API
type: string
endLSN:
description: The ending xlog
type: string
endWal:
description: The ending WAL
type: string
endpointCA:
description: EndpointCA store the CA bundle of the barman endpoint.
Useful when using self-signed certificates to avoid errors with
certificate issuer and barman-cloud-wal-archive.
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
endpointURL:
description: Endpoint to be used to upload data to the cloud, overriding
the automatic endpoint discovery
type: string
error:
description: The detected error
type: string
googleCredentials:
description: The credentials to use to upload data to Google Cloud
Storage
properties:
applicationCredentials:
description: The secret containing the Google Cloud Storage JSON
file with the credentials
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
gkeEnvironment:
description: If set to true, will presume that it's running inside
a GKE environment, default to false.
type: boolean
type: object
instanceID:
description: Information to identify the instance where the backup
has been taken from
properties:
ContainerID:
description: The container ID
type: string
podName:
description: The pod name
type: string
type: object
phase:
description: The last backup status
type: string
s3Credentials:
description: The credentials to use to upload data to S3
properties:
accessKeyId:
description: The reference to the access key id
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromIAMRole:
description: Use the role based authentication without providing
explicitly the keys.
type: boolean
region:
description: The reference to the secret containing the region
name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
secretAccessKey:
description: The reference to the secret access key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
sessionToken:
description: The references to the session key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
serverName:
description: The server name on S3, the cluster name is used if this
parameter is omitted
type: string
startedAt:
description: When the backup was started
format: date-time
type: string
stoppedAt:
description: When the backup was terminated
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: clusters.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: Cluster
listKind: ClusterList
plural: clusters
singular: cluster
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: Number of instances
jsonPath: .status.instances
name: Instances
type: integer
- description: Number of ready instances
jsonPath: .status.readyInstances
name: Ready
type: integer
- description: Cluster current status
jsonPath: .status.phase
name: Status
type: string
- description: Primary pod
jsonPath: .status.currentPrimary
name: Primary
type: string
name: v1
schema:
openAPIV3Schema:
description: Cluster is the Schema for the PostgreSQL API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the desired behavior of the cluster. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
affinity:
description: Affinity/Anti-affinity rules for Pods
properties:
additionalPodAffinity:
description: AdditionalPodAffinity allows to specify pod affinity
terms to be passed to all the cluster's pods.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by this
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may
not try to eventually evict the pod from its node. When
there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms
must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key <topologyKey>
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied to the
union of the namespaces selected by this field and
the ones listed in the namespaces field. null selector
and null or empty namespaces list means "this pod's
namespace". An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list of namespace
names that the term applies to. The term is applied
to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or
empty namespaces list and null namespaceSelector means
"this pod's namespace".
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
additionalPodAntiAffinity:
description: AdditionalPodAntiAffinity allows to specify pod anti-affinity
terms to be added to the ones generated by the operator if EnablePodAntiAffinity
is set to true (default) or to be used exclusively if set to
false.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the anti-affinity expressions specified
by this field, but it may choose a node that violates one
or more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by this
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its
node. When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected, i.e.
all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key <topologyKey>
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied to the
union of the namespaces selected by this field and
the ones listed in the namespaces field. null selector
and null or empty namespaces list means "this pod's
namespace". An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list of namespace
names that the term applies to. The term is applied
to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or
empty namespaces list and null namespaceSelector means
"this pod's namespace".
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
enablePodAntiAffinity:
description: Activates anti-affinity for the pods. The operator
will define pods anti-affinity unless this field is explicitly
set to false
type: boolean
nodeAffinity:
description: 'NodeAffinity describes node affinity scheduling
rules for the pod. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity'
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the
highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects (i.e.
is also a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
x-kubernetes-map-type: atomic
type: object
nodeSelector:
additionalProperties:
type: string
description: 'NodeSelector is map of key-value pairs used to define
the nodes on which the pods can run. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
type: object
podAntiAffinityType:
description: 'PodAntiAffinityType allows the user to decide whether
pod anti-affinity between cluster instance has to be considered
a strong requirement during scheduling or not. Allowed values
are: "preferred" (default if empty) or "required". Setting it
to "required", could lead to instances remaining pending until
new kubernetes nodes are added if all the existing nodes don''t
match the required pod anti-affinity rule. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity'
type: string
tolerations:
description: 'Tolerations is a list of Tolerations that should
be set for all the pods, in order to allow them to run on tainted
nodes. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/'
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
topologyKey:
description: TopologyKey to use for anti-affinity configuration.
See k8s documentation for more info on that
type: string
type: object
backup:
description: The configuration to be used for backups
properties:
barmanObjectStore:
description: The configuration for the barman-cloud tool suite
properties:
azureCredentials:
description: The credentials to use to upload data to Azure
Blob Storage
properties:
connectionString:
description: The connection string to be used
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromAzureAD:
description: Use the Azure AD based authentication without
providing explicitly the keys.
type: boolean
storageAccount:
description: The storage account where to upload data
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageKey:
description: The storage account key to be used in conjunction
with the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageSasToken:
description: A shared-access-signature to be used in conjunction
with the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
data:
description: The configuration to be used to backup the data
files When not defined, base backups files will be stored
uncompressed and may be unencrypted in the object store,
according to the bucket default policy.
properties:
compression:
description: Compress a backup file (a tar file per tablespace)
while streaming it to the object store. Available options
are empty string (no compression, default), `gzip`,
`bzip2` or `snappy`.
enum:
- gzip
- bzip2
- snappy
type: string
encryption:
description: Whenever to force the encryption of files
(if the bucket is not already configured for that).
Allowed options are empty string (use the bucket policy,
default), `AES256` and `aws:kms`
enum:
- AES256
- aws:kms
type: string
immediateCheckpoint:
description: Control whether the I/O workload for the
backup initial checkpoint will be limited, according
to the `checkpoint_completion_target` setting on the
PostgreSQL server. If set to true, an immediate checkpoint
will be used, meaning PostgreSQL will complete the checkpoint
as soon as possible. `false` by default.
type: boolean
jobs:
description: The number of parallel jobs to be used to
upload the backup, defaults to 2
format: int32
minimum: 1
type: integer
type: object
destinationPath:
description: The path where to store the backup (i.e. s3://bucket/path/to/folder)
this path, with different destination folders, will be used
for WALs and for data
minLength: 1
type: string
endpointCA:
description: EndpointCA store the CA bundle of the barman
endpoint. Useful when using self-signed certificates to
avoid errors with certificate issuer and barman-cloud-wal-archive
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
endpointURL:
description: Endpoint to be used to upload data to the cloud,
overriding the automatic endpoint discovery
type: string
googleCredentials:
description: The credentials to use to upload data to Google
Cloud Storage
properties:
applicationCredentials:
description: The secret containing the Google Cloud Storage
JSON file with the credentials
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
gkeEnvironment:
description: If set to true, will presume that it's running
inside a GKE environment, default to false.
type: boolean
type: object
historyTags:
additionalProperties:
type: string
description: HistoryTags is a list of key value pairs that
will be passed to the Barman --history-tags option.
type: object
s3Credentials:
description: The credentials to use to upload data to S3
properties:
accessKeyId:
description: The reference to the access key id
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromIAMRole:
description: Use the role based authentication without
providing explicitly the keys.
type: boolean
region:
description: The reference to the secret containing the
region name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
secretAccessKey:
description: The reference to the secret access key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
sessionToken:
description: The references to the session key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
serverName:
description: The server name on S3, the cluster name is used
if this parameter is omitted
type: string
tags:
additionalProperties:
type: string
description: Tags is a list of key value pairs that will be
passed to the Barman --tags option.
type: object
wal:
description: The configuration for the backup of the WAL stream.
When not defined, WAL files will be stored uncompressed
and may be unencrypted in the object store, according to
the bucket default policy.
properties:
compression:
description: Compress a WAL file before sending it to
the object store. Available options are empty string
(no compression, default), `gzip`, `bzip2` or `snappy`.
enum:
- gzip
- bzip2
- snappy
type: string
encryption:
description: Whenever to force the encryption of files
(if the bucket is not already configured for that).
Allowed options are empty string (use the bucket policy,
default), `AES256` and `aws:kms`
enum:
- AES256
- aws:kms
type: string
maxParallel:
description: Number of WAL files to be either archived
in parallel (when the PostgreSQL instance is archiving
to a backup object store) or restored in parallel (when
a PostgreSQL standby is fetching WAL files from a recovery
object store). If not specified, WAL files will be processed
one at a time. It accepts a positive integer as a value
- with 1 being the minimum accepted value.
minimum: 1
type: integer
type: object
required:
- destinationPath
type: object
retentionPolicy:
description: RetentionPolicy is the retention policy to be used
for backups and WALs (i.e. '60d'). The retention policy is expressed
in the form of `XXu` where `XX` is a positive integer and `u`
is in `[dwm]` - days, weeks, months.
pattern: ^[1-9][0-9]*[dwm]$
type: string
target:
default: prefer-standby
description: The policy to decide which instance should perform
backups. Available options are empty string, which will default
to `prefer-standby` policy, `primary` to have backups run always
on primary instances, `prefer-standby` to have backups run preferably
on the most updated standby, if available.
enum:
- primary
- prefer-standby
type: string
type: object
bootstrap:
description: Instructions to bootstrap this cluster
properties:
initdb:
description: Bootstrap the cluster via initdb
properties:
dataChecksums:
description: 'Whether the `-k` option should be passed to
initdb, enabling checksums on data pages (default: `false`)'
type: boolean
database:
description: 'Name of the database used by the application.
Default: `app`.'
type: string
encoding:
description: The value to be passed as option `--encoding`
for initdb (default:`UTF8`)
type: string
import:
description: Bootstraps the new cluster by importing data
from an existing PostgreSQL instance using logical backup
(`pg_dump` and `pg_restore`)
properties:
databases:
description: The databases to import
items:
type: string
type: array
postImportApplicationSQL:
description: List of SQL queries to be executed as a superuser
in the application database right after is imported
- to be used with extreme care (by default empty). Only
available in microservice type.
items:
type: string
type: array
roles:
description: The roles to import
items:
type: string
type: array
schemaOnly:
default: false
description: 'When set to true, only the `pre-data` and
`post-data` sections of `pg_restore` are invoked, avoiding
data import. Default: `false`.'
type: boolean
source:
description: The source of the import
properties:
externalCluster:
description: The name of the externalCluster used
for import
type: string
required:
- externalCluster
type: object
type:
description: The import type. Can be `microservice` or
`monolith`.
enum:
- microservice
- monolith
type: string
required:
- databases
- source
- type
type: object
localeCType:
description: The value to be passed as option `--lc-ctype`
for initdb (default:`C`)
type: string
localeCollate:
description: The value to be passed as option `--lc-collate`
for initdb (default:`C`)
type: string
options:
description: 'The list of options that must be passed to initdb
when creating the cluster. Deprecated: This could lead to
inconsistent configurations, please use the explicit provided
parameters instead. If defined, explicit values will be
ignored.'
items:
type: string
type: array
owner:
description: Name of the owner of the database in the instance
to be used by applications. Defaults to the value of the
`database` key.
type: string
postInitApplicationSQL:
description: List of SQL queries to be executed as a superuser
in the application database right after is created - to
be used with extreme care (by default empty)
items:
type: string
type: array
postInitApplicationSQLRefs:
description: PostInitApplicationSQLRefs points references
to ConfigMaps or Secrets which contain SQL files, the general
implementation order to these references is from all Secrets
to all ConfigMaps, and inside Secrets or ConfigMaps, the
implementation order is same as the order of each array
(by default empty)
properties:
configMapRefs:
description: ConfigMapRefs holds a list of references
to ConfigMaps
items:
description: ConfigMapKeySelector contains enough information
to let you locate the key of a ConfigMap
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: array
secretRefs:
description: SecretRefs holds a list of references to
Secrets
items:
description: SecretKeySelector contains enough information
to let you locate the key of a Secret
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: array
type: object
postInitSQL:
description: List of SQL queries to be executed as a superuser
immediately after the cluster has been created - to be used
with extreme care (by default empty)
items:
type: string
type: array
postInitTemplateSQL:
description: List of SQL queries to be executed as a superuser
in the `template1` after the cluster has been created -
to be used with extreme care (by default empty)
items:
type: string
type: array
secret:
description: Name of the secret containing the initial credentials
for the owner of the user database. If empty a new secret
will be created from scratch
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
walSegmentSize:
description: 'The value in megabytes (1 to 1024) to be passed
to the `--wal-segsize` option for initdb (default: empty,
resulting in PostgreSQL default: 16MB)'
maximum: 1024
minimum: 1
type: integer
type: object
pg_basebackup:
description: Bootstrap the cluster taking a physical backup of
another compatible PostgreSQL instance
properties:
database:
description: 'Name of the database used by the application.
Default: `app`.'
type: string
owner:
description: Name of the owner of the database in the instance
to be used by applications. Defaults to the value of the
`database` key.
type: string
secret:
description: Name of the secret containing the initial credentials
for the owner of the user database. If empty a new secret
will be created from scratch
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
source:
description: The name of the server of which we need to take
a physical backup
minLength: 1
type: string
required:
- source
type: object
recovery:
description: Bootstrap the cluster from a backup
properties:
backup:
description: The backup object containing the physical base
backup from which to initiate the recovery procedure. Mutually
exclusive with `source` and `volumeSnapshots`.
properties:
endpointCA:
description: EndpointCA store the CA bundle of the barman
endpoint. Useful when using self-signed certificates
to avoid errors with certificate issuer and barman-cloud-wal-archive.
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
name:
description: Name of the referent.
type: string
required:
- name
type: object
database:
description: 'Name of the database used by the application.
Default: `app`.'
type: string
owner:
description: Name of the owner of the database in the instance
to be used by applications. Defaults to the value of the
`database` key.
type: string
recoveryTarget:
description: 'By default, the recovery process applies all
the available WAL files in the archive (full recovery).
However, you can also end the recovery as soon as a consistent
state is reached or recover to a point-in-time (PITR) by
specifying a `RecoveryTarget` object, as expected by PostgreSQL
(i.e., timestamp, transaction Id, LSN, ...). More info:
https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET'
properties:
backupID:
description: The ID of the backup from which to start
the recovery process. If empty (default) the operator
will automatically detect the backup based on targetTime
or targetLSN if specified. Otherwise use the latest
available backup in chronological order.
type: string
exclusive:
description: Set the target to be exclusive. If omitted,
defaults to false, so that in Postgres, `recovery_target_inclusive`
will be true
type: boolean
targetImmediate:
description: End recovery as soon as a consistent state
is reached
type: boolean
targetLSN:
description: The target LSN (Log Sequence Number)
type: string
targetName:
description: The target name (to be previously created
with `pg_create_restore_point`)
type: string
targetTLI:
description: The target timeline ("latest" or a positive
integer)
type: string
targetTime:
description: The target time as a timestamp in the RFC3339
standard
type: string
targetXID:
description: The target transaction ID
type: string
type: object
secret:
description: Name of the secret containing the initial credentials
for the owner of the user database. If empty a new secret
will be created from scratch
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
source:
description: The external cluster whose backup we will restore.
This is also used as the name of the folder under which
the backup is stored, so it must be set to the name of the
source cluster Mutually exclusive with `backup` and `volumeSnapshots`.
type: string
volumeSnapshots:
description: The static PVC data source(s) from which to initiate
the recovery procedure. Currently supporting `VolumeSnapshot`
and `PersistentVolumeClaim` resources that map an existing
PVC group, compatible with CloudNativePG, and taken with
a cold backup copy on a fenced Postgres instance (limitation
which will be removed in the future when online backup will
be implemented). Mutually exclusive with `backup` and `source`.
properties:
storage:
description: Configuration of the storage of the instances
properties:
apiGroup:
description: APIGroup is the group for the resource
being referenced. If APIGroup is not specified,
the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
walStorage:
description: Configuration of the storage for PostgreSQL
WAL (Write-Ahead Log)
properties:
apiGroup:
description: APIGroup is the group for the resource
being referenced. If APIGroup is not specified,
the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
required:
- storage
type: object
type: object
type: object
certificates:
description: The configuration for the CA and related certificates
properties:
clientCASecret:
description: 'The secret containing the Client CA certificate.
If not defined, a new secret will be created with a self-signed
CA and will be used to generate all the client certificates.<br
/> <br /> Contains:<br /> <br /> - `ca.crt`: CA that should
be used to validate the client certificates, used as `ssl_ca_file`
of all the instances.<br /> - `ca.key`: key used to generate
client certificates, if ReplicationTLSSecret is provided, this
can be omitted.<br />'
type: string
replicationTLSSecret:
description: The secret of type kubernetes.io/tls containing the
client certificate to authenticate as the `streaming_replica`
user. If not defined, ClientCASecret must provide also `ca.key`,
and a new secret will be created using the provided CA.
type: string
serverAltDNSNames:
description: The list of the server alternative DNS names to be
added to the generated server TLS certificates, when required.
items:
type: string
type: array
serverCASecret:
description: 'The secret containing the Server CA certificate.
If not defined, a new secret will be created with a self-signed
CA and will be used to generate the TLS certificate ServerTLSSecret.<br
/> <br /> Contains:<br /> <br /> - `ca.crt`: CA that should
be used to validate the server certificate, used as `sslrootcert`
in client connection strings.<br /> - `ca.key`: key used to
generate Server SSL certs, if ServerTLSSecret is provided, this
can be omitted.<br />'
type: string
serverTLSSecret:
description: The secret of type kubernetes.io/tls containing the
server TLS certificate and key that will be set as `ssl_cert_file`
and `ssl_key_file` so that clients can connect to postgres securely.
If not defined, ServerCASecret must provide also `ca.key` and
a new secret will be created using the provided CA.
type: string
type: object
description:
description: Description of this PostgreSQL cluster
type: string
enableSuperuserAccess:
default: true
description: When this option is enabled, the operator will use the
`SuperuserSecret` to update the `postgres` user password (if the
secret is not present, the operator will automatically create one).
When this option is disabled, the operator will ignore the `SuperuserSecret`
content, delete it when automatically created, and then blank the
password of the `postgres` user by setting it to `NULL`. Enabled
by default.
type: boolean
env:
description: Env follows the Env format to pass environment variables
to the pods created in the cluster
items:
description: EnvVar represents an environment variable present in
a Container.
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded using
the previously defined environment variables in the container
and any service environment variables. If a variable cannot
be resolved, the reference in the input string will be unchanged.
Double $$ are reduced to a single $, which allows for escaping
the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable exists or
not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value. Cannot
be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName, status.hostIP,
status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath is
written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified
API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the exposed
resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
envFrom:
description: EnvFrom follows the EnvFrom format to pass environment
variables sources to the pods to be used by Env
items:
description: EnvFromSource represents the source of a set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend to each key in
the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
type: object
type: array
externalClusters:
description: The list of external clusters which are used in the configuration
items:
description: ExternalCluster represents the connection parameters
to an external cluster which is used in the other sections of
the configuration
properties:
barmanObjectStore:
description: The configuration for the barman-cloud tool suite
properties:
azureCredentials:
description: The credentials to use to upload data to Azure
Blob Storage
properties:
connectionString:
description: The connection string to be used
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromAzureAD:
description: Use the Azure AD based authentication without
providing explicitly the keys.
type: boolean
storageAccount:
description: The storage account where to upload data
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageKey:
description: The storage account key to be used in conjunction
with the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageSasToken:
description: A shared-access-signature to be used in
conjunction with the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
data:
description: The configuration to be used to backup the
data files When not defined, base backups files will be
stored uncompressed and may be unencrypted in the object
store, according to the bucket default policy.
properties:
compression:
description: Compress a backup file (a tar file per
tablespace) while streaming it to the object store.
Available options are empty string (no compression,
default), `gzip`, `bzip2` or `snappy`.
enum:
- gzip
- bzip2
- snappy
type: string
encryption:
description: Whenever to force the encryption of files
(if the bucket is not already configured for that).
Allowed options are empty string (use the bucket policy,
default), `AES256` and `aws:kms`
enum:
- AES256
- aws:kms
type: string
immediateCheckpoint:
description: Control whether the I/O workload for the
backup initial checkpoint will be limited, according
to the `checkpoint_completion_target` setting on the
PostgreSQL server. If set to true, an immediate checkpoint
will be used, meaning PostgreSQL will complete the
checkpoint as soon as possible. `false` by default.
type: boolean
jobs:
description: The number of parallel jobs to be used
to upload the backup, defaults to 2
format: int32
minimum: 1
type: integer
type: object
destinationPath:
description: The path where to store the backup (i.e. s3://bucket/path/to/folder)
this path, with different destination folders, will be
used for WALs and for data
minLength: 1
type: string
endpointCA:
description: EndpointCA store the CA bundle of the barman
endpoint. Useful when using self-signed certificates to
avoid errors with certificate issuer and barman-cloud-wal-archive
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
endpointURL:
description: Endpoint to be used to upload data to the cloud,
overriding the automatic endpoint discovery
type: string
googleCredentials:
description: The credentials to use to upload data to Google
Cloud Storage
properties:
applicationCredentials:
description: The secret containing the Google Cloud
Storage JSON file with the credentials
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
gkeEnvironment:
description: If set to true, will presume that it's
running inside a GKE environment, default to false.
type: boolean
type: object
historyTags:
additionalProperties:
type: string
description: HistoryTags is a list of key value pairs that
will be passed to the Barman --history-tags option.
type: object
s3Credentials:
description: The credentials to use to upload data to S3
properties:
accessKeyId:
description: The reference to the access key id
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromIAMRole:
description: Use the role based authentication without
providing explicitly the keys.
type: boolean
region:
description: The reference to the secret containing
the region name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
secretAccessKey:
description: The reference to the secret access key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
sessionToken:
description: The references to the session key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
serverName:
description: The server name on S3, the cluster name is
used if this parameter is omitted
type: string
tags:
additionalProperties:
type: string
description: Tags is a list of key value pairs that will
be passed to the Barman --tags option.
type: object
wal:
description: The configuration for the backup of the WAL
stream. When not defined, WAL files will be stored uncompressed
and may be unencrypted in the object store, according
to the bucket default policy.
properties:
compression:
description: Compress a WAL file before sending it to
the object store. Available options are empty string
(no compression, default), `gzip`, `bzip2` or `snappy`.
enum:
- gzip
- bzip2
- snappy
type: string
encryption:
description: Whenever to force the encryption of files
(if the bucket is not already configured for that).
Allowed options are empty string (use the bucket policy,
default), `AES256` and `aws:kms`
enum:
- AES256
- aws:kms
type: string
maxParallel:
description: Number of WAL files to be either archived
in parallel (when the PostgreSQL instance is archiving
to a backup object store) or restored in parallel
(when a PostgreSQL standby is fetching WAL files from
a recovery object store). If not specified, WAL files
will be processed one at a time. It accepts a positive
integer as a value - with 1 being the minimum accepted
value.
minimum: 1
type: integer
type: object
required:
- destinationPath
type: object
connectionParameters:
additionalProperties:
type: string
description: The list of connection parameters, such as dbname,
host, username, etc
type: object
name:
description: The server name, required
type: string
password:
description: The reference to the password to be used to connect
to the server
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sslCert:
description: The reference to an SSL certificate to be used
to connect to this instance
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sslKey:
description: The reference to an SSL private key to be used
to connect to this instance
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sslRootCert:
description: The reference to an SSL CA public key to be used
to connect to this instance
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- name
type: object
type: array
failoverDelay:
default: 0
description: The amount of time (in seconds) to wait before triggering
a failover after the primary PostgreSQL instance in the cluster
was detected to be unhealthy
format: int32
type: integer
imageName:
description: Name of the container image, supporting both tags (`<image>:<tag>`)
and digests for deterministic and repeatable deployments (`<image>:<tag>@sha256:<digestValue>`)
type: string
imagePullPolicy:
description: 'Image pull policy. One of `Always`, `Never` or `IfNotPresent`.
If not defined, it defaults to `IfNotPresent`. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
imagePullSecrets:
description: The list of pull secrets to be used to pull the images
items:
description: LocalObjectReference contains enough information to
let you locate a local object with a known type inside the same
namespace
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
type: array
inheritedMetadata:
description: Metadata that will be inherited by all objects related
to the Cluster
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
instances:
default: 1
description: Number of instances required in the cluster
minimum: 1
type: integer
logLevel:
default: info
description: 'The instances'' log level, one of the following values:
error, warning, info (default), debug, trace'
enum:
- error
- warning
- info
- debug
- trace
type: string
managed:
description: The configuration that is used by the portions of PostgreSQL
that are managed by the instance manager
properties:
roles:
description: Database roles managed by the `Cluster`
items:
description: "RoleConfiguration is the representation, in Kubernetes,
of a PostgreSQL role with the additional field Ensure specifying
whether to ensure the presence or absence of the role in the
database \n The defaults of the CREATE ROLE command are applied
Reference: https://www.postgresql.org/docs/current/sql-createrole.html"
properties:
bypassrls:
description: Whether a role bypasses every row-level security
(RLS) policy. Default is `false`.
type: boolean
comment:
description: Description of the role
type: string
connectionLimit:
default: -1
description: If the role can log in, this specifies how
many concurrent connections the role can make. `-1` (the
default) means no limit.
format: int64
type: integer
createdb:
description: When set to `true`, the role being defined
will be allowed to create new databases. Specifying `false`
(default) will deny a role the ability to create databases.
type: boolean
createrole:
description: Whether the role will be permitted to create,
alter, drop, comment on, change the security label for,
and grant or revoke membership in other roles. Default
is `false`.
type: boolean
disablePassword:
description: DisablePassword indicates that a role's password
should be set to NULL in Postgres
type: boolean
ensure:
default: present
description: Ensure the role is `present` or `absent` -
defaults to "present"
enum:
- present
- absent
type: string
inRoles:
description: List of one or more existing roles to which
this role will be immediately added as a new member. Default
empty.
items:
type: string
type: array
inherit:
default: true
description: Whether a role "inherits" the privileges of
roles it is a member of. Defaults is `true`.
type: boolean
login:
description: Whether the role is allowed to log in. A role
having the `login` attribute can be thought of as a user.
Roles without this attribute are useful for managing database
privileges, but are not users in the usual sense of the
word. Default is `false`.
type: boolean
name:
description: Name of the role
type: string
passwordSecret:
description: Secret containing the password of the role
(if present) If null, the password will be ignored unless
DisablePassword is set
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
replication:
description: Whether a role is a replication role. A role
must have this attribute (or be a superuser) in order
to be able to connect to the server in replication mode
(physical or logical replication) and in order to be able
to create or drop replication slots. A role having the
`replication` attribute is a very highly privileged role,
and should only be used on roles actually used for replication.
Default is `false`.
type: boolean
superuser:
description: Whether the role is a `superuser` who can override
all access restrictions within the database - superuser
status is dangerous and should be used only when really
needed. You must yourself be a superuser to create a new
superuser. Defaults is `false`.
type: boolean
validUntil:
description: Date and time after which the role's password
is no longer valid. When omitted, the password will never
expire (default).
format: date-time
type: string
required:
- name
type: object
type: array
type: object
maxSyncReplicas:
default: 0
description: The target value for the synchronous replication quorum,
that can be decreased if the number of ready standbys is lower than
this. Undefined or 0 disable synchronous replication.
minimum: 0
type: integer
minSyncReplicas:
default: 0
description: Minimum number of instances required in synchronous replication
with the primary. Undefined or 0 allow writes to complete when no
standby is available.
minimum: 0
type: integer
monitoring:
description: The configuration of the monitoring infrastructure of
this cluster
properties:
customQueriesConfigMap:
description: The list of config maps containing the custom queries
items:
description: ConfigMapKeySelector contains enough information
to let you locate the key of a ConfigMap
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: array
customQueriesSecret:
description: The list of secrets containing the custom queries
items:
description: SecretKeySelector contains enough information to
let you locate the key of a Secret
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: array
disableDefaultQueries:
default: false
description: 'Whether the default queries should be injected.
Set it to `true` if you don''t want to inject default queries
into the cluster. Default: false.'
type: boolean
enablePodMonitor:
default: false
description: Enable or disable the `PodMonitor`
type: boolean
type: object
nodeMaintenanceWindow:
description: Define a maintenance window for the Kubernetes nodes
properties:
inProgress:
default: false
description: Is there a node maintenance activity in progress?
type: boolean
reusePVC:
default: true
description: Reuse the existing PVC (wait for the node to come
up again) or not (recreate it elsewhere - when `instances` >1)
type: boolean
required:
- inProgress
type: object
postgresGID:
default: 26
description: The GID of the `postgres` user inside the image, defaults
to `26`
format: int64
type: integer
postgresUID:
default: 26
description: The UID of the `postgres` user inside the image, defaults
to `26`
format: int64
type: integer
postgresql:
description: Configuration of the PostgreSQL server
properties:
ldap:
description: Options to specify LDAP configuration
properties:
bindAsAuth:
description: Bind as authentication configuration
properties:
prefix:
description: Prefix for the bind authentication option
type: string
suffix:
description: Suffix for the bind authentication option
type: string
type: object
bindSearchAuth:
description: Bind+Search authentication configuration
properties:
baseDN:
description: Root DN to begin the user search
type: string
bindDN:
description: DN of the user to bind to the directory
type: string
bindPassword:
description: Secret with the password for the user to
bind to the directory
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
searchAttribute:
description: Attribute to match against the username
type: string
searchFilter:
description: Search filter to use when doing the search+bind
authentication
type: string
type: object
port:
description: LDAP server port
type: integer
scheme:
description: LDAP schema to be used, possible options are
`ldap` and `ldaps`
enum:
- ldap
- ldaps
type: string
server:
description: LDAP hostname or IP address
type: string
tls:
description: Set to 'true' to enable LDAP over TLS. 'false'
is default
type: boolean
type: object
parameters:
additionalProperties:
type: string
description: PostgreSQL configuration options (postgresql.conf)
type: object
pg_hba:
description: PostgreSQL Host Based Authentication rules (lines
to be appended to the pg_hba.conf file)
items:
type: string
type: array
promotionTimeout:
description: Specifies the maximum number of seconds to wait when
promoting an instance to primary. Default value is 40000000,
greater than one year in seconds, big enough to simulate an
infinite timeout
format: int32
type: integer
shared_preload_libraries:
description: Lists of shared preload libraries to add to the default
ones
items:
type: string
type: array
syncReplicaElectionConstraint:
description: Requirements to be met by sync replicas. This will
affect how the "synchronous_standby_names" parameter will be
set up.
properties:
enabled:
description: This flag enables the constraints for sync replicas
type: boolean
nodeLabelsAntiAffinity:
description: A list of node labels values to extract and compare
to evaluate if the pods reside in the same topology or not
items:
type: string
type: array
required:
- enabled
type: object
type: object
primaryUpdateMethod:
default: restart
description: 'Method to follow to upgrade the primary server during
a rolling update procedure, after all replicas have been successfully
updated: it can be with a switchover (`switchover`) or in-place
(`restart` - default)'
enum:
- switchover
- restart
type: string
primaryUpdateStrategy:
default: unsupervised
description: 'Deployment strategy to follow to upgrade the primary
server during a rolling update procedure, after all replicas have
been successfully updated: it can be automated (`unsupervised` -
default) or manual (`supervised`)'
enum:
- unsupervised
- supervised
type: string
priorityClassName:
description: Name of the priority class which will be used in every
generated Pod, if the PriorityClass specified does not exist, the
pod will not be able to schedule. Please refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
for more information
type: string
projectedVolumeTemplate:
description: Template to be used to define projected volumes, projected
volumes will be mounted under `/projected` base folder
properties:
defaultMode:
description: defaultMode are the mode bits used to set permissions
on created files by default. Must be an octal value between
0000 and 0777 or a decimal value between 0 and 511. YAML accepts
both octal and decimal values, JSON requires decimal values
for mode bits. Directories within the path are not affected
by this setting. This might be in conflict with other options
that affect the file mode, like fsGroup, and the result can
be other mode bits set.
format: int32
type: integer
sources:
description: sources is the list of volume projections
items:
description: Projection that may be projected along with other
supported volume types
properties:
configMap:
description: configMap information about the configMap data
to project
properties:
items:
description: items if unspecified, each key-value pair
in the Data field of the referenced ConfigMap will
be projected into the volume as a file whose name
is the key and content is the value. If specified,
the listed keys will be projected into the specified
paths, and unlisted keys will not be present. If a
key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional.
Paths must be relative and may not contain the '..'
path or start with '..'.
items:
description: Maps a string key to a path within a
volume.
properties:
key:
description: key is the key to project.
type: string
mode:
description: 'mode is Optional: mode bits used
to set permissions on this file. Must be an
octal value between 0000 and 0777 or a decimal
value between 0 and 511. YAML accepts both octal
and decimal values, JSON requires decimal values
for mode bits. If not specified, the volume
defaultMode will be used. This might be in conflict
with other options that affect the file mode,
like fsGroup, and the result can be other mode
bits set.'
format: int32
type: integer
path:
description: path is the relative path of the
file to map the key to. May not be an absolute
path. May not contain the path element '..'.
May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: optional specify whether the ConfigMap
or its keys must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
downwardAPI:
description: downwardAPI information about the downwardAPI
data to project
properties:
items:
description: Items is a list of DownwardAPIVolume file
items:
description: DownwardAPIVolumeFile represents information
to create the file containing the pod field
properties:
fieldRef:
description: 'Required: Selects a field of the
pod: only annotations, labels, name and namespace
are supported.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in
the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used to set
permissions on this file, must be an octal value
between 0000 and 0777 or a decimal value between
0 and 511. YAML accepts both octal and decimal
values, JSON requires decimal values for mode
bits. If not specified, the volume defaultMode
will be used. This might be in conflict with
other options that affect the file mode, like
fsGroup, and the result can be other mode bits
set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative
path name of the file to be created. Must not
be absolute or contain the ''..'' path. Must
be utf-8 encoded. The first item of the relative
path must not start with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, requests.cpu and requests.memory)
are currently supported.'
properties:
containerName:
description: 'Container name: required for
volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of
the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
description: secret information about the secret data to
project
properties:
items:
description: items if unspecified, each key-value pair
in the Data field of the referenced Secret will be
projected into the volume as a file whose name is
the key and content is the value. If specified, the
listed keys will be projected into the specified paths,
and unlisted keys will not be present. If a key is
specified which is not present in the Secret, the
volume setup will error unless it is marked optional.
Paths must be relative and may not contain the '..'
path or start with '..'.
items:
description: Maps a string key to a path within a
volume.
properties:
key:
description: key is the key to project.
type: string
mode:
description: 'mode is Optional: mode bits used
to set permissions on this file. Must be an
octal value between 0000 and 0777 or a decimal
value between 0 and 511. YAML accepts both octal
and decimal values, JSON requires decimal values
for mode bits. If not specified, the volume
defaultMode will be used. This might be in conflict
with other options that affect the file mode,
like fsGroup, and the result can be other mode
bits set.'
format: int32
type: integer
path:
description: path is the relative path of the
file to map the key to. May not be an absolute
path. May not contain the path element '..'.
May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: optional field specify whether the Secret
or its key must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
serviceAccountToken:
description: serviceAccountToken is information about the
serviceAccountToken data to project
properties:
audience:
description: audience is the intended audience of the
token. A recipient of a token must identify itself
with an identifier specified in the audience of the
token, and otherwise should reject the token. The
audience defaults to the identifier of the apiserver.
type: string
expirationSeconds:
description: expirationSeconds is the requested duration
of validity of the service account token. As the token
approaches expiration, the kubelet volume plugin will
proactively rotate the service account token. The
kubelet will start trying to rotate the token if the
token is older than 80 percent of its time to live
or if the token is older than 24 hours.Defaults to
1 hour and must be at least 10 minutes.
format: int64
type: integer
path:
description: path is the path relative to the mount
point of the file to project the token into.
type: string
required:
- path
type: object
type: object
type: array
type: object
replica:
description: Replica cluster configuration
properties:
enabled:
description: If replica mode is enabled, this cluster will be
a replica of an existing cluster. Replica cluster can be created
from a recovery object store or via streaming through pg_basebackup.
Refer to the Replication page of the documentation for more
information.
type: boolean
source:
description: The name of the external cluster which is the replication
origin
minLength: 1
type: string
required:
- source
type: object
replicationSlots:
description: Replication slots management configuration
properties:
highAvailability:
description: Replication slots for high availability configuration
properties:
enabled:
default: false
description: If enabled, the operator will automatically manage
replication slots on the primary instance and use them in
streaming replication connections with all the standby instances
that are part of the HA cluster. If disabled (default),
the operator will not take advantage of replication slots
in streaming connections with the replicas. This feature
also controls replication slots in replica cluster, from
the designated primary to its cascading replicas. This can
only be set at creation time.
type: boolean
slotPrefix:
default: _cnpg_
description: Prefix for replication slots managed by the operator
for HA. It may only contain lower case letters, numbers,
and the underscore character. This can only be set at creation
time. By default set to `_cnpg_`.
pattern: ^[0-9a-z_]*$
type: string
type: object
updateInterval:
default: 30
description: Standby will update the status of the local replication
slots every `updateInterval` seconds (default 30).
minimum: 1
type: integer
type: object
resources:
description: Resources requirements of every generated Pod. Please
refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
for more information.
properties:
claims:
description: "Claims lists the names of resources, defined in
spec.resourceClaims, that are used by this container. \n This
is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be set
for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in pod.spec.resourceClaims
of the Pod where this field is used. It makes that resource
available inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute resources
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
schedulerName:
description: 'If specified, the pod will be dispatched by specified
Kubernetes scheduler. If not specified, the pod will be dispatched
by the default scheduler. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/'
type: string
seccompProfile:
description: 'The SeccompProfile applied to every Pod and Container.
Defaults to: `RuntimeDefault`'
properties:
localhostProfile:
description: localhostProfile indicates a profile defined in a
file on the node should be used. The profile must be preconfigured
on the node to work. Must be a descending path, relative to
the kubelet's configured seccomp profile location. Must only
be set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp profile will
be applied. Valid options are: \n Localhost - a profile defined
in a file on the node should be used. RuntimeDefault - the container
runtime default profile should be used. Unconfined - no profile
should be applied."
type: string
required:
- type
type: object
serviceAccountTemplate:
description: Configure the generation of the service account
properties:
metadata:
description: Metadata are the metadata to be used for the generated
service account
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map
stored with a resource that may be set by external tools
to store and retrieve arbitrary metadata. They are not queryable
and should be preserved when modifying objects. More info:
http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be used
to organize and categorize (scope and select) objects. May
match selectors of replication controllers and services.
More info: http://kubernetes.io/docs/user-guide/labels'
type: object
type: object
required:
- metadata
type: object
startDelay:
default: 30
description: The time in seconds that is allowed for a PostgreSQL
instance to successfully start up (default 30)
format: int32
type: integer
stopDelay:
default: 30
description: The time in seconds that is allowed for a PostgreSQL
instance to gracefully shutdown (default 30)
format: int32
type: integer
storage:
description: Configuration of the storage of the instances
properties:
pvcTemplate:
description: Template to be used to generate the Persistent Volume
Claim
properties:
accessModes:
description: 'accessModes contains the desired access modes
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
description: 'dataSource field can be used to specify either:
* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim) If the provisioner
or an external controller can support the specified data
source, it will create a new volume based on the contents
of the specified data source. When the AnyVolumeDataSource
feature gate is enabled, dataSource contents will be copied
to dataSourceRef, and dataSourceRef contents will be copied
to dataSource when dataSourceRef.namespace is not specified.
If the namespace is specified, then dataSourceRef will not
be copied to dataSource.'
properties:
apiGroup:
description: APIGroup is the group for the resource being
referenced. If APIGroup is not specified, the specified
Kind must be in the core API group. For any other third-party
types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
description: 'dataSourceRef specifies the object from which
to populate the volume with data, if a non-empty volume
is desired. This may be any object from a non-empty API
group (non core object) or a PersistentVolumeClaim object.
When this field is specified, volume binding will only succeed
if the type of the specified object matches some installed
volume populator or dynamic provisioner. This field will
replace the functionality of the dataSource field and as
such if both fields are non-empty, they must have the same
value. For backwards compatibility, when namespace isn''t
specified in dataSourceRef, both fields (dataSource and
dataSourceRef) will be set to the same value automatically
if one of them is empty and the other is non-empty. When
namespace is specified in dataSourceRef, dataSource isn''t
set to the same value and must be empty. There are three
important differences between dataSource and dataSourceRef:
* While dataSource only allows two specific types of objects,
dataSourceRef allows any non-core object, as well as PersistentVolumeClaim
objects. * While dataSource ignores disallowed values (dropping
them), dataSourceRef preserves all values, and generates
an error if a disallowed value is specified. * While dataSource
only allows local objects, dataSourceRef allows objects
in any namespaces. (Beta) Using this field requires the
AnyVolumeDataSource feature gate to be enabled. (Alpha)
Using the namespace field of dataSourceRef requires the
CrossNamespaceVolumeDataSource feature gate to be enabled.'
properties:
apiGroup:
description: APIGroup is the group for the resource being
referenced. If APIGroup is not specified, the specified
Kind must be in the core API group. For any other third-party
types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
namespace:
description: Namespace is the namespace of resource being
referenced Note that when a namespace is specified,
a gateway.networking.k8s.io/ReferenceGrant object is
required in the referent namespace to allow that namespace's
owner to accept the reference. See the ReferenceGrant
documentation for details. (Alpha) This field requires
the CrossNamespaceVolumeDataSource feature gate to be
enabled.
type: string
required:
- kind
- name
type: object
resources:
description: 'resources represents the minimum resources the
volume should have. If RecoverVolumeExpansionFailure feature
is enabled users are allowed to specify resource requirements
that are lower than previous value but must still be higher
than capacity recorded in the status field of the claim.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate. \n This field
is immutable. It can only be set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry
in pod.spec.resourceClaims of the Pod where this
field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
description: selector is a label query over volumes to consider
for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
description: 'storageClassName is the name of the StorageClass
required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume is required
by the claim. Value of Filesystem is implied when not included
in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to the PersistentVolume
backing this claim.
type: string
type: object
resizeInUseVolumes:
default: true
description: Resize existent PVCs, defaults to true
type: boolean
size:
description: Size of the storage. Required if not already specified
in the PVC template. Changes to this field are automatically
reapplied to the created PVCs. Size cannot be decreased.
type: string
storageClass:
description: StorageClass to use for database data (`PGDATA`).
Applied after evaluating the PVC template, if available. If
not specified, generated PVCs will be satisfied by the default
storage class
type: string
type: object
superuserSecret:
description: The secret containing the superuser password. If not
defined a new secret will be created with a randomly generated password
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
switchoverDelay:
default: 40000000
description: The time in seconds that is allowed for a primary PostgreSQL
instance to gracefully shutdown during a switchover. Default value
is 40000000, greater than one year in seconds, big enough to simulate
an infinite delay
format: int32
type: integer
topologySpreadConstraints:
description: 'TopologySpreadConstraints specifies how to spread matching
pods among the given topology. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/'
items:
description: TopologySpreadConstraint specifies how to spread matching
pods among the given topology.
properties:
labelSelector:
description: LabelSelector is used to find matching pods. Pods
that match this label selector are counted to determine the
number of pods in their corresponding topology domain.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
description: "MatchLabelKeys is a set of pod label keys to select
the pods over which spreading will be calculated. The keys
are used to lookup values from the incoming pod labels, those
key-value labels are ANDed with labelSelector to select the
group of existing pods over which spreading will be calculated
for the incoming pod. The same key is forbidden to exist in
both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot
be set when LabelSelector isn't set. Keys that don't exist
in the incoming pod labels will be ignored. A null or empty
list means only match against labelSelector. \n This is a
beta field and requires the MatchLabelKeysInPodTopologySpread
feature gate to be enabled (enabled by default)."
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which pods may
be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the number
of matching pods in the target topology and the global minimum.
The global minimum is the minimum number of matching pods
in an eligible domain or zero if the number of eligible domains
is less than MinDomains. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector
spread as 2/2/1: In this case, the global minimum is 1. |
zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
is 1, incoming pod can only be scheduled to zone3 to become
2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies that satisfy
it. It''s a required field. Default value is 1 and 0 is not
allowed.'
format: int32
type: integer
minDomains:
description: "MinDomains indicates a minimum number of eligible
domains. When the number of eligible domains with matching
topology keys is less than minDomains, Pod Topology Spread
treats \"global minimum\" as 0, and then the calculation of
Skew is performed. And when the number of eligible domains
with matching topology keys equals or greater than minDomains,
this value has no effect on scheduling. As a result, when
the number of eligible domains is less than minDomains, scheduler
won't schedule more than maxSkew Pods to those domains. If
value is nil, the constraint behaves as if MinDomains is equal
to 1. Valid values are integers greater than 0. When value
is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
is set to 5 and pods with the same labelSelector spread as
2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
The number of domains is less than 5(MinDomains), so \"global
minimum\" is treated as 0. In this situation, new pod with
the same labelSelector cannot be scheduled, because computed
skew will be 3(3 - 0) if new Pod is scheduled to any of the
three zones, it will violate MaxSkew. \n This is a beta field
and requires the MinDomainsInPodTopologySpread feature gate
to be enabled (enabled by default)."
format: int32
type: integer
nodeAffinityPolicy:
description: "NodeAffinityPolicy indicates how we will treat
Pod's nodeAffinity/nodeSelector when calculating pod topology
spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
are included in the calculations. - Ignore: nodeAffinity/nodeSelector
are ignored. All nodes are included in the calculations. \n
If this value is nil, the behavior is equivalent to the Honor
policy. This is a beta-level feature default enabled by the
NodeInclusionPolicyInPodTopologySpread feature flag."
type: string
nodeTaintsPolicy:
description: "NodeTaintsPolicy indicates how we will treat node
taints when calculating pod topology spread skew. Options
are: - Honor: nodes without taints, along with tainted nodes
for which the incoming pod has a toleration, are included.
- Ignore: node taints are ignored. All nodes are included.
\n If this value is nil, the behavior is equivalent to the
Ignore policy. This is a beta-level feature default enabled
by the NodeInclusionPolicyInPodTopologySpread feature flag."
type: string
topologyKey:
description: TopologyKey is the key of node labels. Nodes that
have a label with this key and identical values are considered
to be in the same topology. We consider each <key, value>
as a "bucket", and try to put balanced number of pods into
each bucket. We define a domain as a particular instance of
a topology. Also, we define an eligible domain as a domain
whose nodes meet the requirements of nodeAffinityPolicy and
nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
each Node is a domain of that topology. And, if TopologyKey
is "topology.kubernetes.io/zone", each zone is a domain of
that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a
pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
(default) tells the scheduler not to schedule it. - ScheduleAnyway
tells the scheduler to schedule the pod in any location, but
giving higher precedence to topologies that would help reduce
the skew. A constraint is considered "Unsatisfiable" for an
incoming pod if and only if every possible node assignment
for that pod would violate "MaxSkew" on some topology. For
example, in a 3-zone cluster, MaxSkew is set to 1, and pods
with the same labelSelector spread as 3/1/1: | zone1 | zone2
| zone3 | | P P P | P | P | If WhenUnsatisfiable is
set to DoNotSchedule, incoming pod can only be scheduled to
zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
can still be imbalanced, but scheduler won''t make it *more*
imbalanced. It''s a required field.'
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
walStorage:
description: Configuration of the storage for PostgreSQL WAL (Write-Ahead
Log)
properties:
pvcTemplate:
description: Template to be used to generate the Persistent Volume
Claim
properties:
accessModes:
description: 'accessModes contains the desired access modes
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
description: 'dataSource field can be used to specify either:
* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim) If the provisioner
or an external controller can support the specified data
source, it will create a new volume based on the contents
of the specified data source. When the AnyVolumeDataSource
feature gate is enabled, dataSource contents will be copied
to dataSourceRef, and dataSourceRef contents will be copied
to dataSource when dataSourceRef.namespace is not specified.
If the namespace is specified, then dataSourceRef will not
be copied to dataSource.'
properties:
apiGroup:
description: APIGroup is the group for the resource being
referenced. If APIGroup is not specified, the specified
Kind must be in the core API group. For any other third-party
types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
description: 'dataSourceRef specifies the object from which
to populate the volume with data, if a non-empty volume
is desired. This may be any object from a non-empty API
group (non core object) or a PersistentVolumeClaim object.
When this field is specified, volume binding will only succeed
if the type of the specified object matches some installed
volume populator or dynamic provisioner. This field will
replace the functionality of the dataSource field and as
such if both fields are non-empty, they must have the same
value. For backwards compatibility, when namespace isn''t
specified in dataSourceRef, both fields (dataSource and
dataSourceRef) will be set to the same value automatically
if one of them is empty and the other is non-empty. When
namespace is specified in dataSourceRef, dataSource isn''t
set to the same value and must be empty. There are three
important differences between dataSource and dataSourceRef:
* While dataSource only allows two specific types of objects,
dataSourceRef allows any non-core object, as well as PersistentVolumeClaim
objects. * While dataSource ignores disallowed values (dropping
them), dataSourceRef preserves all values, and generates
an error if a disallowed value is specified. * While dataSource
only allows local objects, dataSourceRef allows objects
in any namespaces. (Beta) Using this field requires the
AnyVolumeDataSource feature gate to be enabled. (Alpha)
Using the namespace field of dataSourceRef requires the
CrossNamespaceVolumeDataSource feature gate to be enabled.'
properties:
apiGroup:
description: APIGroup is the group for the resource being
referenced. If APIGroup is not specified, the specified
Kind must be in the core API group. For any other third-party
types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
namespace:
description: Namespace is the namespace of resource being
referenced Note that when a namespace is specified,
a gateway.networking.k8s.io/ReferenceGrant object is
required in the referent namespace to allow that namespace's
owner to accept the reference. See the ReferenceGrant
documentation for details. (Alpha) This field requires
the CrossNamespaceVolumeDataSource feature gate to be
enabled.
type: string
required:
- kind
- name
type: object
resources:
description: 'resources represents the minimum resources the
volume should have. If RecoverVolumeExpansionFailure feature
is enabled users are allowed to specify resource requirements
that are lower than previous value but must still be higher
than capacity recorded in the status field of the claim.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate. \n This field
is immutable. It can only be set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry
in pod.spec.resourceClaims of the Pod where this
field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
description: selector is a label query over volumes to consider
for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
description: 'storageClassName is the name of the StorageClass
required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume is required
by the claim. Value of Filesystem is implied when not included
in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to the PersistentVolume
backing this claim.
type: string
type: object
resizeInUseVolumes:
default: true
description: Resize existent PVCs, defaults to true
type: boolean
size:
description: Size of the storage. Required if not already specified
in the PVC template. Changes to this field are automatically
reapplied to the created PVCs. Size cannot be decreased.
type: string
storageClass:
description: StorageClass to use for database data (`PGDATA`).
Applied after evaluating the PVC template, if available. If
not specified, generated PVCs will be satisfied by the default
storage class
type: string
type: object
required:
- instances
type: object
status:
description: 'Most recently observed status of the cluster. This data
may not be up to date. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
azurePVCUpdateEnabled:
description: AzurePVCUpdateEnabled shows if the PVC online upgrade
is enabled for this cluster
type: boolean
certificates:
description: The configuration for the CA and related certificates,
initialized with defaults.
properties:
clientCASecret:
description: 'The secret containing the Client CA certificate.
If not defined, a new secret will be created with a self-signed
CA and will be used to generate all the client certificates.<br
/> <br /> Contains:<br /> <br /> - `ca.crt`: CA that should
be used to validate the client certificates, used as `ssl_ca_file`
of all the instances.<br /> - `ca.key`: key used to generate
client certificates, if ReplicationTLSSecret is provided, this
can be omitted.<br />'
type: string
expirations:
additionalProperties:
type: string
description: Expiration dates for all certificates.
type: object
replicationTLSSecret:
description: The secret of type kubernetes.io/tls containing the
client certificate to authenticate as the `streaming_replica`
user. If not defined, ClientCASecret must provide also `ca.key`,
and a new secret will be created using the provided CA.
type: string
serverAltDNSNames:
description: The list of the server alternative DNS names to be
added to the generated server TLS certificates, when required.
items:
type: string
type: array
serverCASecret:
description: 'The secret containing the Server CA certificate.
If not defined, a new secret will be created with a self-signed
CA and will be used to generate the TLS certificate ServerTLSSecret.<br
/> <br /> Contains:<br /> <br /> - `ca.crt`: CA that should
be used to validate the server certificate, used as `sslrootcert`
in client connection strings.<br /> - `ca.key`: key used to
generate Server SSL certs, if ServerTLSSecret is provided, this
can be omitted.<br />'
type: string
serverTLSSecret:
description: The secret of type kubernetes.io/tls containing the
server TLS certificate and key that will be set as `ssl_cert_file`
and `ssl_key_file` so that clients can connect to postgres securely.
If not defined, ServerCASecret must provide also `ca.key` and
a new secret will be created using the provided CA.
type: string
type: object
cloudNativePGCommitHash:
description: The commit hash number of which this operator running
type: string
cloudNativePGOperatorHash:
description: The hash of the binary of the operator
type: string
conditions:
description: Conditions for cluster object
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
configMapResourceVersion:
description: The list of resource versions of the configmaps, managed
by the operator. Every change here is done in the interest of the
instance manager, which will refresh the configmap data
properties:
metrics:
additionalProperties:
type: string
description: A map with the versions of all the config maps used
to pass metrics. Map keys are the config map names, map values
are the versions
type: object
type: object
currentPrimary:
description: Current primary instance
type: string
currentPrimaryFailingSinceTimestamp:
description: The timestamp when the primary was detected to be unhealthy
This field is reported when spec.failoverDelay is populated or during
online upgrades
type: string
currentPrimaryTimestamp:
description: The timestamp when the last actual promotion to primary
has occurred
type: string
danglingPVC:
description: List of all the PVCs created by this cluster and still
available which are not attached to a Pod
items:
type: string
type: array
firstRecoverabilityPoint:
description: The first recoverability point, stored as a date in RFC3339
format
type: string
healthyPVC:
description: List of all the PVCs not dangling nor initializing
items:
type: string
type: array
initializingPVC:
description: List of all the PVCs that are being initialized by this
cluster
items:
type: string
type: array
instanceNames:
description: List of instance names in the cluster
items:
type: string
type: array
instances:
description: The total number of PVC Groups detected in the cluster.
It may differ from the number of existing instance pods.
type: integer
instancesReportedState:
additionalProperties:
description: InstanceReportedState describes the last reported state
of an instance during a reconciliation loop
properties:
isPrimary:
description: indicates if an instance is the primary one
type: boolean
timeLineID:
description: indicates on which TimelineId the instance is
type: integer
required:
- isPrimary
type: object
description: The reported state of the instances during the last reconciliation
loop
type: object
instancesStatus:
additionalProperties:
items:
type: string
type: array
description: InstancesStatus indicates in which status the instances
are
type: object
jobCount:
description: How many Jobs have been created by this cluster
format: int32
type: integer
lastFailedBackup:
description: Stored as a date in RFC3339 format
type: string
lastSuccessfulBackup:
description: Stored as a date in RFC3339 format
type: string
latestGeneratedNode:
description: ID of the latest generated node (used to avoid node name
clashing)
type: integer
managedRolesStatus:
description: ManagedRolesStatus reports the state of the managed roles
in the cluster
properties:
byStatus:
additionalProperties:
items:
type: string
type: array
description: ByStatus gives the list of roles in each state
type: object
cannotReconcile:
additionalProperties:
items:
type: string
type: array
description: CannotReconcile lists roles that cannot be reconciled
in PostgreSQL, with an explanation of the cause
type: object
passwordStatus:
additionalProperties:
description: PasswordState represents the state of the password
of a managed RoleConfiguration
properties:
resourceVersion:
description: the resource version of the password secret
type: string
transactionID:
description: the last transaction ID to affect the role
definition in PostgreSQL
format: int64
type: integer
type: object
description: PasswordStatus gives the last transaction id and
password secret version for each managed role
type: object
type: object
onlineUpdateEnabled:
description: OnlineUpdateEnabled shows if the online upgrade is enabled
inside the cluster
type: boolean
phase:
description: Current phase of the cluster
type: string
phaseReason:
description: Reason for the current phase
type: string
poolerIntegrations:
description: The integration needed by poolers referencing the cluster
properties:
pgBouncerIntegration:
description: PgBouncerIntegrationStatus encapsulates the needed
integration for the pgbouncer poolers referencing the cluster
properties:
secrets:
items:
type: string
type: array
type: object
type: object
pvcCount:
description: How many PVCs have been created by this cluster
format: int32
type: integer
readService:
description: Current list of read pods
type: string
readyInstances:
description: The total number of ready instances in the cluster. It
is equal to the number of ready instance pods.
type: integer
resizingPVC:
description: List of all the PVCs that have ResizingPVC condition.
items:
type: string
type: array
secretsResourceVersion:
description: The list of resource versions of the secrets managed
by the operator. Every change here is done in the interest of the
instance manager, which will refresh the secret data
properties:
applicationSecretVersion:
description: The resource version of the "app" user secret
type: string
barmanEndpointCA:
description: The resource version of the Barman Endpoint CA if
provided
type: string
caSecretVersion:
description: Unused. Retained for compatibility with old versions.
type: string
clientCaSecretVersion:
description: The resource version of the PostgreSQL client-side
CA secret version
type: string
managedRoleSecretVersion:
additionalProperties:
type: string
description: The resource versions of the managed roles secrets
type: object
metrics:
additionalProperties:
type: string
description: A map with the versions of all the secrets used to
pass metrics. Map keys are the secret names, map values are
the versions
type: object
replicationSecretVersion:
description: The resource version of the "streaming_replica" user
secret
type: string
serverCaSecretVersion:
description: The resource version of the PostgreSQL server-side
CA secret version
type: string
serverSecretVersion:
description: The resource version of the PostgreSQL server-side
secret version
type: string
superuserSecretVersion:
description: The resource version of the "postgres" user secret
type: string
type: object
targetPrimary:
description: Target primary instance, this is different from the previous
one during a switchover or a failover
type: string
targetPrimaryTimestamp:
description: The timestamp when the last request for a new primary
has occurred
type: string
timelineID:
description: The timeline of the Postgres cluster
type: integer
topology:
description: Instances topology.
properties:
instances:
additionalProperties:
additionalProperties:
type: string
description: PodTopologyLabels represent the topology of a Pod.
map[labelName]labelValue
type: object
description: Instances contains the pod topology of the instances
type: object
nodesUsed:
description: NodesUsed represents the count of distinct nodes
accommodating the instances. A value of '1' suggests that all
instances are hosted on a single node, implying the absence
of High Availability (HA). Ideally, this value should be the
same as the number of instances in the Postgres HA cluster,
implying shared nothing architecture on the compute side.
format: int32
type: integer
successfullyExtracted:
description: SuccessfullyExtracted indicates if the topology data
was extract. It is useful to enact fallback behaviors in synchronous
replica election in case of failures
type: boolean
type: object
unusablePVC:
description: List of all the PVCs that are unusable because another
PVC is missing
items:
type: string
type: array
writeService:
description: Current write pod
type: string
type: object
type: object
served: true
storage: true
subresources:
scale:
specReplicasPath: .spec.instances
statusReplicasPath: .status.instances
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: poolers.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: Pooler
listKind: PoolerList
plural: poolers
singular: pooler
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.cluster.name
name: Cluster
type: string
- jsonPath: .spec.type
name: Type
type: string
name: v1
schema:
openAPIV3Schema:
description: Pooler is the Schema for the poolers API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PoolerSpec defines the desired state of Pooler
properties:
cluster:
description: This is the cluster reference on which the Pooler will
work. Pooler name should never match with any cluster name within
the same namespace.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
deploymentStrategy:
description: The deployment strategy to use for pgbouncer to replace
existing pods with new ones
properties:
rollingUpdate:
description: 'Rolling update config params. Present only if DeploymentStrategyType
= RollingUpdate. --- TODO: Update this to follow our convention
for oneOf, whatever we decide it to be.'
properties:
maxSurge:
anyOf:
- type: integer
- type: string
description: 'The maximum number of pods that can be scheduled
above the desired number of pods. Value can be an absolute
number (ex: 5) or a percentage of desired pods (ex: 10%).
This can not be 0 if MaxUnavailable is 0. Absolute number
is calculated from percentage by rounding up. Defaults to
25%. Example: when this is set to 30%, the new ReplicaSet
can be scaled up immediately when the rolling update starts,
such that the total number of old and new pods do not exceed
130% of desired pods. Once old pods have been killed, new
ReplicaSet can be scaled up further, ensuring that total
number of pods running at any time during the update is
at most 130% of desired pods.'
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: 'The maximum number of pods that can be unavailable
during the update. Value can be an absolute number (ex:
5) or a percentage of desired pods (ex: 10%). Absolute number
is calculated from percentage by rounding down. This can
not be 0 if MaxSurge is 0. Defaults to 25%. Example: when
this is set to 30%, the old ReplicaSet can be scaled down
to 70% of desired pods immediately when the rolling update
starts. Once new pods are ready, old ReplicaSet can be scaled
down further, followed by scaling up the new ReplicaSet,
ensuring that the total number of pods available at all
times during the update is at least 70% of desired pods.'
x-kubernetes-int-or-string: true
type: object
type:
description: Type of deployment. Can be "Recreate" or "RollingUpdate".
Default is RollingUpdate.
type: string
type: object
instances:
default: 1
description: The number of replicas we want
format: int32
type: integer
monitoring:
description: The configuration of the monitoring infrastructure of
this pooler.
properties:
enablePodMonitor:
default: false
description: Enable or disable the `PodMonitor`
type: boolean
type: object
pgbouncer:
description: The PgBouncer configuration
properties:
authQuery:
description: 'The query that will be used to download the hash
of the password of a certain user. Default: "SELECT usename,
passwd FROM user_search($1)". In case it is specified, also
an AuthQuerySecret has to be specified and no automatic CNPG
Cluster integration will be triggered.'
type: string
authQuerySecret:
description: The credentials of the user that need to be used
for the authentication query. In case it is specified, also
an AuthQuery (e.g. "SELECT usename, passwd FROM pg_shadow WHERE
usename=$1") has to be specified and no automatic CNPG Cluster
integration will be triggered.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
parameters:
additionalProperties:
type: string
description: Additional parameters to be passed to PgBouncer -
please check the CNPG documentation for a list of options you
can configure
type: object
paused:
default: false
description: When set to `true`, PgBouncer will disconnect from
the PostgreSQL server, first waiting for all queries to complete,
and pause all new client connections until this value is set
to `false` (default). Internally, the operator calls PgBouncer's
`PAUSE` and `RESUME` commands.
type: boolean
pg_hba:
description: PostgreSQL Host Based Authentication rules (lines
to be appended to the pg_hba.conf file)
items:
type: string
type: array
poolMode:
default: session
description: The pool mode
enum:
- session
- transaction
type: string
required:
- poolMode
type: object
template:
description: The template of the Pod to be created
properties:
metadata:
description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map
stored with a resource that may be set by external tools
to store and retrieve arbitrary metadata. They are not queryable
and should be preserved when modifying objects. More info:
http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be used
to organize and categorize (scope and select) objects. May
match selectors of replication controllers and services.
More info: http://kubernetes.io/docs/user-guide/labels'
type: object
type: object
spec:
description: 'Specification of the desired behavior of the pod.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
activeDeadlineSeconds:
description: Optional duration in seconds the pod may be active
on the node relative to StartTime before the system will
actively try to mark it failed and kill associated containers.
Value must be a positive integer.
format: int64
type: integer
affinity:
description: If specified, the pod's scheduling constraints
properties:
nodeAffinity:
description: Describes node affinity scheduling rules
for the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule
pods to nodes that satisfy the affinity expressions
specified by this field, but it may choose a node
that violates one or more of the expressions. The
node that is most preferred is the one with the
greatest sum of weights, i.e. for each node that
meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements
of this field and adding "weight" to the sum if
the node matches the corresponding matchExpressions;
the node(s) with the highest sum are the most preferred.
items:
description: An empty preferred scheduling term
matches all objects with implicit weight 0 (i.e.
it's a no-op). A null preferred scheduling term
matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated
with the corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in the
range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified
by this field are not met at scheduling time, the
pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease
to be met at some point during pod execution (e.g.
due to an update), the system may or may not try
to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector
terms. The terms are ORed.
items:
description: A null or empty node selector term
matches no objects. The requirements of them
are ANDed. The TopologySelectorTerm type implements
a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
co-locate this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule
pods to nodes that satisfy the affinity expressions
specified by this field, but it may choose a node
that violates one or more of the expressions. The
node that is most preferred is the one with the
greatest sum of weights, i.e. for each node that
meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements
of this field and adding "weight" to the sum if
the node has pods which matches the corresponding
podAffinityTerm; the node(s) with the highest sum
are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term,
associated with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of
resources, in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array
of string values. If the operator
is In or NotIn, the values array
must be non-empty. If the operator
is Exists or DoesNotExist, the
values array must be empty.
This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs. A single {key,value}
in the matchLabels map is equivalent
to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are
ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set
of namespaces that the term applies to.
The term is applied to the union of the
namespaces selected by this field and
the ones listed in the namespaces field.
null selector and null or empty namespaces
list means "this pod's namespace". An
empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array
of string values. If the operator
is In or NotIn, the values array
must be non-empty. If the operator
is Exists or DoesNotExist, the
values array must be empty.
This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs. A single {key,value}
in the matchLabels map is equivalent
to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are
ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static
list of namespace names that the term
applies to. The term is applied to the
union of the namespaces listed in this
field and the ones selected by namespaceSelector.
null or empty namespaces list and null
namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
description: This pod should be co-located
(affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector
in the specified namespaces, where co-located
is defined as running on a node whose
value of the label with key topologyKey
matches that of any node on which any
of the selected pods is running. Empty
topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching
the corresponding podAffinityTerm, in the
range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified
by this field are not met at scheduling time, the
pod will not be scheduled onto the node. If the
affinity requirements specified by this field cease
to be met at some point during pod execution (e.g.
due to a pod label update), the system may or may
not try to eventually evict the pod from its node.
When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected,
i.e. all terms must be satisfied.
items:
description: Defines a set of pods (namely those
matching the labelSelector relative to the given
namespace(s)) that this pod should be co-located
(affinity) or not co-located (anti-affinity) with,
where co-located is defined as running on a node
whose value of the label with key <topologyKey>
matches that of any node on which a pod of the
set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by
this field and the ones listed in the namespaces
field. null selector and null or empty namespaces
list means "this pod's namespace". An empty
selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to.
The term is applied to the union of the namespaces
listed in this field and the ones selected
by namespaceSelector. null or empty namespaces
list and null namespaceSelector means "this
pod's namespace".
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching the labelSelector in the specified
namespaces, where co-located is defined as
running on a node whose value of the label
with key topologyKey matches that of any node
on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
(e.g. avoid putting this pod in the same node, zone,
etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule
pods to nodes that satisfy the anti-affinity expressions
specified by this field, but it may choose a node
that violates one or more of the expressions. The
node that is most preferred is the one with the
greatest sum of weights, i.e. for each node that
meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity
expressions, etc.), compute a sum by iterating through
the elements of this field and adding "weight" to
the sum if the node has pods which matches the corresponding
podAffinityTerm; the node(s) with the highest sum
are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term,
associated with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of
resources, in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array
of string values. If the operator
is In or NotIn, the values array
must be non-empty. If the operator
is Exists or DoesNotExist, the
values array must be empty.
This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs. A single {key,value}
in the matchLabels map is equivalent
to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are
ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set
of namespaces that the term applies to.
The term is applied to the union of the
namespaces selected by this field and
the ones listed in the namespaces field.
null selector and null or empty namespaces
list means "this pod's namespace". An
empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array
of string values. If the operator
is In or NotIn, the values array
must be non-empty. If the operator
is Exists or DoesNotExist, the
values array must be empty.
This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs. A single {key,value}
in the matchLabels map is equivalent
to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are
ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static
list of namespace names that the term
applies to. The term is applied to the
union of the namespaces listed in this
field and the ones selected by namespaceSelector.
null or empty namespaces list and null
namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
description: This pod should be co-located
(affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector
in the specified namespaces, where co-located
is defined as running on a node whose
value of the label with key topologyKey
matches that of any node on which any
of the selected pods is running. Empty
topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching
the corresponding podAffinityTerm, in the
range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified
by this field are not met at scheduling time, the
pod will not be scheduled onto the node. If the
anti-affinity requirements specified by this field
cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may
or may not try to eventually evict the pod from
its node. When there are multiple elements, the
lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
items:
description: Defines a set of pods (namely those
matching the labelSelector relative to the given
namespace(s)) that this pod should be co-located
(affinity) or not co-located (anti-affinity) with,
where co-located is defined as running on a node
whose value of the label with key <topologyKey>
matches that of any node on which a pod of the
set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by
this field and the ones listed in the namespaces
field. null selector and null or empty namespaces
list means "this pod's namespace". An empty
selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to.
The term is applied to the union of the namespaces
listed in this field and the ones selected
by namespaceSelector. null or empty namespaces
list and null namespaceSelector means "this
pod's namespace".
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching the labelSelector in the specified
namespaces, where co-located is defined as
running on a node whose value of the label
with key topologyKey matches that of any node
on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
automountServiceAccountToken:
description: AutomountServiceAccountToken indicates whether
a service account token should be automatically mounted.
type: boolean
containers:
description: List of containers belonging to the pod. Containers
cannot currently be added or removed. There must be at least
one container in a Pod. Cannot be updated.
items:
description: A single application container that you want
to run within a pod.
properties:
args:
description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
reference in the input string will be unchanged. Double
$$ are reduced to a single $, which allows for escaping
the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
the string literal "$(VAR_NAME)". Escaped references
will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
a shell. The container image''s ENTRYPOINT is used
if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string
literal "$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable exists
or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in
the container. Cannot be updated.
items:
description: EnvVar represents an environment variable
present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults
to "".'
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of, defaults
to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage,
requests.cpu, requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment
variables in the container. The keys defined within
a source must be a C_IDENTIFIER. All invalid keys
will be reported as an event when the container is
starting. When a key exists in multiple sources, the
value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will
take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of
a set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret must
be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
type: object
type: array
image:
description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never,
IfNotPresent. Defaults to Always if :latest tag is
specified, or IfNotPresent otherwise. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management system should
take in response to container lifecycle events. Cannot
be updated.
properties:
postStart:
description: 'PostStart is called immediately after
a container is created. If the handler fails,
the container is terminated and restarted according
to its restart policy. Other management of the
container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
to execute inside the container, the working
directory for the command is root ('/')
in the container's filesystem. The command
is simply exec'd, it is not run inside
a shell, so traditional shell instructions
('|', etc) won't work. To use a shell,
you need to explicitly call out to that
shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name.
This will be canonicalized upon
output, so case-variant names will
be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward
compatibility. There are no validation of
this field and lifecycle hooks will fail in
runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before
a container is terminated due to an API request
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the
container will eventually terminate within the
Pod''s termination grace period (unless delayed
by finalizers). Other management of the container
blocks until the hook completes or until the termination
grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
to execute inside the container, the working
directory for the command is root ('/')
in the container's filesystem. The command
is simply exec'd, it is not run inside
a shell, so traditional shell instructions
('|', etc) won't work. To use a shell,
you need to explicitly call out to that
shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name.
This will be canonicalized upon
output, so case-variant names will
be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward
compatibility. There are no validation of
this field and lifecycle hooks will fail in
runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container liveness.
Container will be restarted if the probe fails. Cannot
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from the container.
Not specifying a port here DOES NOT prevent that port
from being exposed. Any port which is listening on
the default "0.0.0.0" address inside a container will
be accessible from the network. Modifying this array
with strategic merge patch may corrupt the data. For
more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
properties:
containerPort:
description: Number of port to expose on the pod's
IP address. This must be a valid port number,
0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external
port to.
type: string
hostPort:
description: Number of port to expose on the host.
If specified, this must be a valid port number,
0 < x < 65536. If HostNetwork is specified,
this must match ContainerPort. Most containers
do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in
a pod must have a unique name. Name for the
port that can be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP,
or SCTP. Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container service readiness.
Container will be removed from service endpoints if
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource
resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this
resource resize policy applies. Supported values:
cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified
resource is resized. If not specified, it defaults
to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
claims:
description: "Claims lists the names of resources,
defined in spec.resourceClaims, that are used
by this container. \n This is an alpha field and
requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can
only be set for containers."
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one
entry in pod.spec.resourceClaims of the
Pod where this field is used. It makes that
resource available inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
an implementation-defined value. Requests cannot
exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
description: 'SecurityContext defines the security options
the container should be run with. If set, the fields
of SecurityContext override the equivalent fields
of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
whether a process can gain more privileges than
its parent process. This bool directly controls
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
has CAP_SYS_ADMIN Note that this field cannot
be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
granted by the container runtime. Note that this
field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is
windows.
type: boolean
procMount:
description: procMount denotes the type of proc
mount to use for the containers. The default is
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
be enabled. Note that this field cannot be set
when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
root filesystem. Default is false. Note that this
field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
container process. Uses runtime default if unset.
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is windows.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run
as a non-root user. If true, the Kubelet will
validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start
the container if it does. If unset or false, no
such validation will be performed. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the
container process. Defaults to user specified
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to
the container. If unspecified, the container runtime
will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is windows.
properties:
level:
description: Level is SELinux level label that
applies to the container.
type: string
role:
description: Role is a SELinux role label that
applies to the container.
type: string
type:
description: Type is a SELinux type label that
applies to the container.
type: string
user:
description: User is a SELinux user label that
applies to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
options override the pod options. Note that this
field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used.
The profile must be preconfigured on the node
to work. Must be a descending path, relative
to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp
profile will be applied. Valid options are:
\n Localhost - a profile defined in a file
on the node should be used. RuntimeDefault
- the container runtime default profile should
be used. Unconfined - no profile should be
applied."
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific settings applied
to all containers. If unspecified, the options
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential
spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container.
This field is alpha-level and will only be
honored by components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the
feature flag will result in errors when validating
the Pod. All of a Pod's containers must have
the same effective HostProcess value (it is
not allowed to have a mix of HostProcess containers
and non-HostProcess containers). In addition,
if HostProcess is true then HostNetwork must
also be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
to the user specified in image metadata if
unspecified. May also be set in PodSecurityContext.
If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes
precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that the Pod has
successfully initialized. If specified, no other probes
are executed until this completes successfully. If
this probe fails, the Pod will be restarted, just
as if the livenessProbe failed. This can be used to
provide different probe parameters at the beginning
of a Pod''s lifecycle, when it might take a long time
to load data or warm a cache, than during steady-state
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate
a buffer for stdin in the container runtime. If this
is not set, reads from stdin in the container will
always result in EOF. Default is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close
the stdin channel after it has been opened by a single
attach. When stdin is true the stdin stream will remain
open across multiple attach sessions. If stdinOnce
is set to true, stdin is opened on container start,
is empty until the first client attaches to stdin,
and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains
closed until the container is restarted. If this flag
is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which
the container''s termination message will be written
is mounted into the container''s filesystem. Message
written is intended to be brief final status, such
as an assertion failure message. Will be truncated
by the node if greater than 4096 bytes. The total
message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot
be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should
be populated. File will use the contents of terminationMessagePath
to populate the container status message on both success
and failure. FallbackToLogsOnError will use the last
chunk of container log output if the termination message
file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines,
whichever is smaller. Defaults to File. Cannot be
updated.
type: string
tty:
description: Whether this container should allocate
a TTY for itself, also requires 'stdin' to be true.
Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices
to be used by the container.
items:
description: volumeDevice describes a mapping of a
raw block device within a container.
properties:
devicePath:
description: devicePath is the path inside of
the container that the device will be mapped
to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's
filesystem. Cannot be updated.
items:
description: VolumeMount describes a mounting of a
Volume within a container.
properties:
mountPath:
description: Path within the container at which
the volume should be mounted. Must not contain
':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts
are propagated from the host to container and
the other way around. When not set, MountPropagationNone
is used. This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write
otherwise (false or unspecified). Defaults to
false.
type: boolean
subPath:
description: Path within the volume from which
the container's volume should be mounted. Defaults
to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from
which the container's volume should be mounted.
Behaves similarly to SubPath but environment
variable references $(VAR_NAME) are expanded
using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath
are mutually exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which
might be configured in the container image. Cannot
be updated.
type: string
required:
- name
type: object
type: array
dnsConfig:
description: Specifies the DNS parameters of a pod. Parameters
specified here will be merged to the generated DNS configuration
based on DNSPolicy.
properties:
nameservers:
description: A list of DNS name server IP addresses. This
will be appended to the base nameservers generated from
DNSPolicy. Duplicated nameservers will be removed.
items:
type: string
type: array
options:
description: A list of DNS resolver options. This will
be merged with the base options generated from DNSPolicy.
Duplicated entries will be removed. Resolution options
given in Options will override those that appear in
the base DNSPolicy.
items:
description: PodDNSConfigOption defines DNS resolver
options of a pod.
properties:
name:
description: Required.
type: string
value:
type: string
type: object
type: array
searches:
description: A list of DNS search domains for host-name
lookup. This will be appended to the base search paths
generated from DNSPolicy. Duplicated search paths will
be removed.
items:
type: string
type: array
type: object
dnsPolicy:
description: Set DNS policy for the pod. Defaults to "ClusterFirst".
Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
'Default' or 'None'. DNS parameters given in DNSConfig will
be merged with the policy selected with DNSPolicy. To have
DNS options set along with hostNetwork, you have to specify
DNS policy explicitly to 'ClusterFirstWithHostNet'.
type: string
enableServiceLinks:
description: 'EnableServiceLinks indicates whether information
about services should be injected into pod''s environment
variables, matching the syntax of Docker links. Optional:
Defaults to true.'
type: boolean
ephemeralContainers:
description: List of ephemeral containers run in this pod.
Ephemeral containers may be run in an existing pod to perform
user-initiated actions such as debugging. This list cannot
be specified when creating a pod, and it cannot be modified
by updating the pod spec. In order to add an ephemeral container
to an existing pod, use the pod's ephemeralcontainers subresource.
items:
description: "An EphemeralContainer is a temporary container
that you may add to an existing Pod for user-initiated
activities such as debugging. Ephemeral containers have
no resource or scheduling guarantees, and they will not
be restarted when they exit or when a Pod is removed or
restarted. The kubelet may evict a Pod if an ephemeral
container causes the Pod to exceed its resource allocation.
\n To add an ephemeral container, use the ephemeralcontainers
subresource of an existing Pod. Ephemeral containers may
not be removed or restarted."
properties:
args:
description: 'Arguments to the entrypoint. The image''s
CMD is used if this is not provided. Variable references
$(VAR_NAME) are expanded using the container''s environment.
If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are
reduced to a single $, which allows for escaping the
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
the string literal "$(VAR_NAME)". Escaped references
will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
a shell. The image''s ENTRYPOINT is used if this is
not provided. Variable references $(VAR_NAME) are
expanded using the container''s environment. If a
variable cannot be resolved, the reference in the
input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string
literal "$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable exists
or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in
the container. Cannot be updated.
items:
description: EnvVar represents an environment variable
present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults
to "".'
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of, defaults
to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage,
requests.cpu, requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment
variables in the container. The keys defined within
a source must be a C_IDENTIFIER. All invalid keys
will be reported as an event when the container is
starting. When a key exists in multiple sources, the
value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will
take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of
a set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret must
be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
type: object
type: array
image:
description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never,
IfNotPresent. Defaults to Always if :latest tag is
specified, or IfNotPresent otherwise. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Lifecycle is not allowed for ephemeral
containers.
properties:
postStart:
description: 'PostStart is called immediately after
a container is created. If the handler fails,
the container is terminated and restarted according
to its restart policy. Other management of the
container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
to execute inside the container, the working
directory for the command is root ('/')
in the container's filesystem. The command
is simply exec'd, it is not run inside
a shell, so traditional shell instructions
('|', etc) won't work. To use a shell,
you need to explicitly call out to that
shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name.
This will be canonicalized upon
output, so case-variant names will
be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward
compatibility. There are no validation of
this field and lifecycle hooks will fail in
runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before
a container is terminated due to an API request
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the
container will eventually terminate within the
Pod''s termination grace period (unless delayed
by finalizers). Other management of the container
blocks until the hook completes or until the termination
grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
to execute inside the container, the working
directory for the command is root ('/')
in the container's filesystem. The command
is simply exec'd, it is not run inside
a shell, so traditional shell instructions
('|', etc) won't work. To use a shell,
you need to explicitly call out to that
shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name.
This will be canonicalized upon
output, so case-variant names will
be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward
compatibility. There are no validation of
this field and lifecycle hooks will fail in
runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: Probes are not allowed for ephemeral containers.
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the ephemeral container specified
as a DNS_LABEL. This name must be unique among all
containers, init containers and ephemeral containers.
type: string
ports:
description: Ports are not allowed for ephemeral containers.
items:
description: ContainerPort represents a network port
in a single container.
properties:
containerPort:
description: Number of port to expose on the pod's
IP address. This must be a valid port number,
0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external
port to.
type: string
hostPort:
description: Number of port to expose on the host.
If specified, this must be a valid port number,
0 < x < 65536. If HostNetwork is specified,
this must match ContainerPort. Most containers
do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in
a pod must have a unique name. Name for the
port that can be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP,
or SCTP. Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: Probes are not allowed for ephemeral containers.
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource
resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this
resource resize policy applies. Supported values:
cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified
resource is resized. If not specified, it defaults
to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources:
description: Resources are not allowed for ephemeral
containers. Ephemeral containers use spare resources
already allocated to the pod.
properties:
claims:
description: "Claims lists the names of resources,
defined in spec.resourceClaims, that are used
by this container. \n This is an alpha field and
requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can
only be set for containers."
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one
entry in pod.spec.resourceClaims of the
Pod where this field is used. It makes that
resource available inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
an implementation-defined value. Requests cannot
exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
description: 'Optional: SecurityContext defines the
security options the ephemeral container should be
run with. If set, the fields of SecurityContext override
the equivalent fields of PodSecurityContext.'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
whether a process can gain more privileges than
its parent process. This bool directly controls
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
has CAP_SYS_ADMIN Note that this field cannot
be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
granted by the container runtime. Note that this
field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is
windows.
type: boolean
procMount:
description: procMount denotes the type of proc
mount to use for the containers. The default is
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
be enabled. Note that this field cannot be set
when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
root filesystem. Default is false. Note that this
field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
container process. Uses runtime default if unset.
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is windows.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run
as a non-root user. If true, the Kubelet will
validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start
the container if it does. If unset or false, no
such validation will be performed. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the
container process. Defaults to user specified
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to
the container. If unspecified, the container runtime
will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is windows.
properties:
level:
description: Level is SELinux level label that
applies to the container.
type: string
role:
description: Role is a SELinux role label that
applies to the container.
type: string
type:
description: Type is a SELinux type label that
applies to the container.
type: string
user:
description: User is a SELinux user label that
applies to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
options override the pod options. Note that this
field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used.
The profile must be preconfigured on the node
to work. Must be a descending path, relative
to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp
profile will be applied. Valid options are:
\n Localhost - a profile defined in a file
on the node should be used. RuntimeDefault
- the container runtime default profile should
be used. Unconfined - no profile should be
applied."
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific settings applied
to all containers. If unspecified, the options
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential
spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container.
This field is alpha-level and will only be
honored by components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the
feature flag will result in errors when validating
the Pod. All of a Pod's containers must have
the same effective HostProcess value (it is
not allowed to have a mix of HostProcess containers
and non-HostProcess containers). In addition,
if HostProcess is true then HostNetwork must
also be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
to the user specified in image metadata if
unspecified. May also be set in PodSecurityContext.
If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes
precedence.
type: string
type: object
type: object
startupProbe:
description: Probes are not allowed for ephemeral containers.
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate
a buffer for stdin in the container runtime. If this
is not set, reads from stdin in the container will
always result in EOF. Default is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close
the stdin channel after it has been opened by a single
attach. When stdin is true the stdin stream will remain
open across multiple attach sessions. If stdinOnce
is set to true, stdin is opened on container start,
is empty until the first client attaches to stdin,
and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains
closed until the container is restarted. If this flag
is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
targetContainerName:
description: "If set, the name of the container from
PodSpec that this ephemeral container targets. The
ephemeral container will be run in the namespaces
(IPC, PID, etc) of this container. If not set then
the ephemeral container uses the namespaces configured
in the Pod spec. \n The container runtime must implement
support for this feature. If the runtime does not
support namespace targeting then the result of setting
this field is undefined."
type: string
terminationMessagePath:
description: 'Optional: Path at which the file to which
the container''s termination message will be written
is mounted into the container''s filesystem. Message
written is intended to be brief final status, such
as an assertion failure message. Will be truncated
by the node if greater than 4096 bytes. The total
message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot
be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should
be populated. File will use the contents of terminationMessagePath
to populate the container status message on both success
and failure. FallbackToLogsOnError will use the last
chunk of container log output if the termination message
file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines,
whichever is smaller. Defaults to File. Cannot be
updated.
type: string
tty:
description: Whether this container should allocate
a TTY for itself, also requires 'stdin' to be true.
Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices
to be used by the container.
items:
description: volumeDevice describes a mapping of a
raw block device within a container.
properties:
devicePath:
description: devicePath is the path inside of
the container that the device will be mapped
to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's
filesystem. Subpath mounts are not allowed for ephemeral
containers. Cannot be updated.
items:
description: VolumeMount describes a mounting of a
Volume within a container.
properties:
mountPath:
description: Path within the container at which
the volume should be mounted. Must not contain
':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts
are propagated from the host to container and
the other way around. When not set, MountPropagationNone
is used. This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write
otherwise (false or unspecified). Defaults to
false.
type: boolean
subPath:
description: Path within the volume from which
the container's volume should be mounted. Defaults
to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from
which the container's volume should be mounted.
Behaves similarly to SubPath but environment
variable references $(VAR_NAME) are expanded
using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath
are mutually exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which
might be configured in the container image. Cannot
be updated.
type: string
required:
- name
type: object
type: array
hostAliases:
description: HostAliases is an optional list of hosts and
IPs that will be injected into the pod's hosts file if specified.
This is only valid for non-hostNetwork pods.
items:
description: HostAlias holds the mapping between IP and
hostnames that will be injected as an entry in the pod's
hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
items:
type: string
type: array
ip:
description: IP address of the host file entry.
type: string
type: object
type: array
hostIPC:
description: 'Use the host''s ipc namespace. Optional: Default
to false.'
type: boolean
hostNetwork:
description: Host networking requested for this pod. Use the
host's network namespace. If this option is set, the ports
that will be used must be specified. Default to false.
type: boolean
hostPID:
description: 'Use the host''s pid namespace. Optional: Default
to false.'
type: boolean
hostUsers:
description: 'Use the host''s user namespace. Optional: Default
to true. If set to true or not present, the pod will be
run in the host user namespace, useful for when the pod
needs a feature only available to the host user namespace,
such as loading a kernel module with CAP_SYS_MODULE. When
set to false, a new userns is created for the pod. Setting
false is useful for mitigating container breakout vulnerabilities
even allowing users to run their containers as root without
actually having root privileges on the host. This field
is alpha-level and is only honored by servers that enable
the UserNamespacesSupport feature.'
type: boolean
hostname:
description: Specifies the hostname of the Pod If not specified,
the pod's hostname will be set to a system-defined value.
type: string
imagePullSecrets:
description: 'ImagePullSecrets is an optional list of references
to secrets in the same namespace to use for pulling any
of the images used by this PodSpec. If specified, these
secrets will be passed to individual puller implementations
for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
items:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same
namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
type: array
initContainers:
description: 'List of initialization containers belonging
to the pod. Init containers are executed in order prior
to containers being started. If any init container fails,
the pod is considered to have failed and is handled according
to its restartPolicy. The name for an init container or
normal container must be unique among all containers. Init
containers may not have Lifecycle actions, Readiness probes,
Liveness probes, or Startup probes. The resourceRequirements
of an init container are taken into account during scheduling
by finding the highest request/limit for each resource type,
and then using the max of of that value or the sum of the
normal containers. Limits are applied to init containers
in a similar fashion. Init containers cannot currently be
added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
items:
description: A single application container that you want
to run within a pod.
properties:
args:
description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
reference in the input string will be unchanged. Double
$$ are reduced to a single $, which allows for escaping
the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
the string literal "$(VAR_NAME)". Escaped references
will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
a shell. The container image''s ENTRYPOINT is used
if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME)
syntax: i.e. "$$(VAR_NAME)" will produce the string
literal "$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable exists
or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in
the container. Cannot be updated.
items:
description: EnvVar represents an environment variable
present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults
to "".'
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of, defaults
to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage,
requests.cpu, requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment
variables in the container. The keys defined within
a source must be a C_IDENTIFIER. All invalid keys
will be reported as an event when the container is
starting. When a key exists in multiple sources, the
value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will
take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of
a set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret must
be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
type: object
type: array
image:
description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never,
IfNotPresent. Defaults to Always if :latest tag is
specified, or IfNotPresent otherwise. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management system should
take in response to container lifecycle events. Cannot
be updated.
properties:
postStart:
description: 'PostStart is called immediately after
a container is created. If the handler fails,
the container is terminated and restarted according
to its restart policy. Other management of the
container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
to execute inside the container, the working
directory for the command is root ('/')
in the container's filesystem. The command
is simply exec'd, it is not run inside
a shell, so traditional shell instructions
('|', etc) won't work. To use a shell,
you need to explicitly call out to that
shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name.
This will be canonicalized upon
output, so case-variant names will
be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward
compatibility. There are no validation of
this field and lifecycle hooks will fail in
runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before
a container is terminated due to an API request
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the
container will eventually terminate within the
Pod''s termination grace period (unless delayed
by finalizers). Other management of the container
blocks until the hook completes or until the termination
grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
to execute inside the container, the working
directory for the command is root ('/')
in the container's filesystem. The command
is simply exec'd, it is not run inside
a shell, so traditional shell instructions
('|', etc) won't work. To use a shell,
you need to explicitly call out to that
shell. Exit status of 0 is treated as
live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name.
This will be canonicalized upon
output, so case-variant names will
be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward
compatibility. There are no validation of
this field and lifecycle hooks will fail in
runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535. Name must
be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container liveness.
Container will be restarted if the probe fails. Cannot
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from the container.
Not specifying a port here DOES NOT prevent that port
from being exposed. Any port which is listening on
the default "0.0.0.0" address inside a container will
be accessible from the network. Modifying this array
with strategic merge patch may corrupt the data. For
more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
properties:
containerPort:
description: Number of port to expose on the pod's
IP address. This must be a valid port number,
0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external
port to.
type: string
hostPort:
description: Number of port to expose on the host.
If specified, this must be a valid port number,
0 < x < 65536. If HostNetwork is specified,
this must match ContainerPort. Most containers
do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in
a pod must have a unique name. Name for the
port that can be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP,
or SCTP. Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container service readiness.
Container will be removed from service endpoints if
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource
resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this
resource resize policy applies. Supported values:
cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified
resource is resized. If not specified, it defaults
to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
claims:
description: "Claims lists the names of resources,
defined in spec.resourceClaims, that are used
by this container. \n This is an alpha field and
requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can
only be set for containers."
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one
entry in pod.spec.resourceClaims of the
Pod where this field is used. It makes that
resource available inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
an implementation-defined value. Requests cannot
exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
description: 'SecurityContext defines the security options
the container should be run with. If set, the fields
of SecurityContext override the equivalent fields
of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
whether a process can gain more privileges than
its parent process. This bool directly controls
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
has CAP_SYS_ADMIN Note that this field cannot
be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
granted by the container runtime. Note that this
field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
to root on the host. Defaults to false. Note that
this field cannot be set when spec.os.name is
windows.
type: boolean
procMount:
description: procMount denotes the type of proc
mount to use for the containers. The default is
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
be enabled. Note that this field cannot be set
when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
root filesystem. Default is false. Note that this
field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
container process. Uses runtime default if unset.
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is windows.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run
as a non-root user. If true, the Kubelet will
validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start
the container if it does. If unset or false, no
such validation will be performed. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the
container process. Defaults to user specified
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
SecurityContext takes precedence. Note that this
field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to
the container. If unspecified, the container runtime
will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is windows.
properties:
level:
description: Level is SELinux level label that
applies to the container.
type: string
role:
description: Role is a SELinux role label that
applies to the container.
type: string
type:
description: Type is a SELinux type label that
applies to the container.
type: string
user:
description: User is a SELinux user label that
applies to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
options override the pod options. Note that this
field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used.
The profile must be preconfigured on the node
to work. Must be a descending path, relative
to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp
profile will be applied. Valid options are:
\n Localhost - a profile defined in a file
on the node should be used. RuntimeDefault
- the container runtime default profile should
be used. Unconfined - no profile should be
applied."
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific settings applied
to all containers. If unspecified, the options
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential
spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container.
This field is alpha-level and will only be
honored by components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the
feature flag will result in errors when validating
the Pod. All of a Pod's containers must have
the same effective HostProcess value (it is
not allowed to have a mix of HostProcess containers
and non-HostProcess containers). In addition,
if HostProcess is true then HostNetwork must
also be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
to the user specified in image metadata if
unspecified. May also be set in PodSecurityContext.
If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes
precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that the Pod has
successfully initialized. If specified, no other probes
are executed until this completes successfully. If
this probe fails, the Pod will be restarted, just
as if the livenessProbe failed. This can be used to
provide different probe parameters at the beginning
of a Pod''s lifecycle, when it might take a long time
to load data or warm a cache, than during steady-state
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving
a GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service
to place in the gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name. This
will be canonicalized upon output, so
case-variant names will be understood
as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed. Defaults to 1. Must be 1 for liveness
and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod
needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after
the processes running in the pod are sent a termination
signal and the time when the processes are forcibly
halted with a kill signal. Set this value longer
than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value overrides
the value provided by the pod spec. Value must
be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity
to shut down). This is a beta field and requires
enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate
a buffer for stdin in the container runtime. If this
is not set, reads from stdin in the container will
always result in EOF. Default is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close
the stdin channel after it has been opened by a single
attach. When stdin is true the stdin stream will remain
open across multiple attach sessions. If stdinOnce
is set to true, stdin is opened on container start,
is empty until the first client attaches to stdin,
and then remains open and accepts data until the client
disconnects, at which time stdin is closed and remains
closed until the container is restarted. If this flag
is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which
the container''s termination message will be written
is mounted into the container''s filesystem. Message
written is intended to be brief final status, such
as an assertion failure message. Will be truncated
by the node if greater than 4096 bytes. The total
message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot
be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should
be populated. File will use the contents of terminationMessagePath
to populate the container status message on both success
and failure. FallbackToLogsOnError will use the last
chunk of container log output if the termination message
file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines,
whichever is smaller. Defaults to File. Cannot be
updated.
type: string
tty:
description: Whether this container should allocate
a TTY for itself, also requires 'stdin' to be true.
Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices
to be used by the container.
items:
description: volumeDevice describes a mapping of a
raw block device within a container.
properties:
devicePath:
description: devicePath is the path inside of
the container that the device will be mapped
to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's
filesystem. Cannot be updated.
items:
description: VolumeMount describes a mounting of a
Volume within a container.
properties:
mountPath:
description: Path within the container at which
the volume should be mounted. Must not contain
':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts
are propagated from the host to container and
the other way around. When not set, MountPropagationNone
is used. This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write
otherwise (false or unspecified). Defaults to
false.
type: boolean
subPath:
description: Path within the volume from which
the container's volume should be mounted. Defaults
to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from
which the container's volume should be mounted.
Behaves similarly to SubPath but environment
variable references $(VAR_NAME) are expanded
using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath
are mutually exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which
might be configured in the container image. Cannot
be updated.
type: string
required:
- name
type: object
type: array
nodeName:
description: NodeName is a request to schedule this pod onto
a specific node. If it is non-empty, the scheduler simply
schedules this pod onto that node, assuming that it fits
resource requirements.
type: string
nodeSelector:
additionalProperties:
type: string
description: 'NodeSelector is a selector which must be true
for the pod to fit on a node. Selector which must match
a node''s labels for the pod to be scheduled on that node.
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
type: object
x-kubernetes-map-type: atomic
os:
description: "Specifies the OS of the containers in the pod.
Some pod and container fields are restricted if this is
set. \n If the OS field is set to linux, the following fields
must be unset: -securityContext.windowsOptions \n If the
OS field is set to windows, following fields must be unset:
- spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions
- spec.securityContext.seccompProfile - spec.securityContext.fsGroup
- spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls
- spec.shareProcessNamespace - spec.securityContext.runAsUser
- spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups
- spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile
- spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem
- spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- spec.containers[*].securityContext.runAsGroup"
properties:
name:
description: 'Name is the name of the operating system.
The currently supported values are linux and windows.
Additional value may be defined in future and can be
one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Clients should expect to handle additional values and
treat unrecognized values in this field as os: null'
type: string
required:
- name
type: object
overhead:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Overhead represents the resource overhead associated
with running a pod for a given RuntimeClass. This field
will be autopopulated at admission time by the RuntimeClass
admission controller. If the RuntimeClass admission controller
is enabled, overhead must not be set in Pod create requests.
The RuntimeClass admission controller will reject Pod create
requests which have the overhead already set. If RuntimeClass
is configured and selected in the PodSpec, Overhead will
be set to the value defined in the corresponding RuntimeClass,
otherwise it will remain unset and treated as zero. More
info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
type: object
preemptionPolicy:
description: PreemptionPolicy is the Policy for preempting
pods with lower priority. One of Never, PreemptLowerPriority.
Defaults to PreemptLowerPriority if unset.
type: string
priority:
description: The priority value. Various system components
use this field to find the priority of the pod. When Priority
Admission Controller is enabled, it prevents users from
setting this field. The admission controller populates this
field from PriorityClassName. The higher the value, the
higher the priority.
format: int32
type: integer
priorityClassName:
description: If specified, indicates the pod's priority. "system-node-critical"
and "system-cluster-critical" are two special keywords which
indicate the highest priorities with the former being the
highest priority. Any other name must be defined by creating
a PriorityClass object with that name. If not specified,
the pod priority will be default or zero if there is no
default.
type: string
readinessGates:
description: 'If specified, all readiness gates will be evaluated
for pod readiness. A pod is ready when all its containers
are ready AND all conditions specified in the readiness
gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
items:
description: PodReadinessGate contains the reference to
a pod condition
properties:
conditionType:
description: ConditionType refers to a condition in
the pod's condition list with matching type.
type: string
required:
- conditionType
type: object
type: array
resourceClaims:
description: "ResourceClaims defines which ResourceClaims
must be allocated and reserved before the Pod is allowed
to start. The resources will be made available to those
containers which consume them by name. \n This is an alpha
field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable."
items:
description: PodResourceClaim references exactly one ResourceClaim
through a ClaimSource. It adds a name to it that uniquely
identifies the ResourceClaim inside the Pod. Containers
that need access to the ResourceClaim reference it with
this name.
properties:
name:
description: Name uniquely identifies this resource
claim inside the pod. This must be a DNS_LABEL.
type: string
source:
description: Source describes where to find the ResourceClaim.
properties:
resourceClaimName:
description: ResourceClaimName is the name of a
ResourceClaim object in the same namespace as
this pod.
type: string
resourceClaimTemplateName:
description: "ResourceClaimTemplateName is the name
of a ResourceClaimTemplate object in the same
namespace as this pod. \n The template will be
used to create a new ResourceClaim, which will
be bound to this pod. When this pod is deleted,
the ResourceClaim will also be deleted. The name
of the ResourceClaim will be <pod name>-<resource
name>, where <resource name> is the PodResourceClaim.Name.
Pod validation will reject the pod if the concatenated
name is not valid for a ResourceClaim (e.g. too
long). \n An existing ResourceClaim with that
name that is not owned by the pod will not be
used for the pod to avoid using an unrelated resource
by mistake. Scheduling and pod startup are then
blocked until the unrelated ResourceClaim is removed.
\n This field is immutable and no changes will
be made to the corresponding ResourceClaim by
the control plane after creating the ResourceClaim."
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy:
description: 'Restart policy for all containers within the
pod. One of Always, OnFailure, Never. In some contexts,
only a subset of those values may be permitted. Default
to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
type: string
runtimeClassName:
description: 'RuntimeClassName refers to a RuntimeClass object
in the node.k8s.io group, which should be used to run this
pod. If no RuntimeClass resource matches the named class,
the pod will not be run. If unset or empty, the "legacy"
RuntimeClass will be used, which is an implicit class with
an empty definition that uses the default runtime handler.
More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
type: string
schedulerName:
description: If specified, the pod will be dispatched by specified
scheduler. If not specified, the pod will be dispatched
by default scheduler.
type: string
schedulingGates:
description: "SchedulingGates is an opaque list of values
that if specified will block scheduling the pod. If schedulingGates
is not empty, the pod will stay in the SchedulingGated state
and the scheduler will not attempt to schedule the pod.
\n SchedulingGates can only be set at pod creation time,
and be removed only afterwards. \n This is a beta feature
enabled by the PodSchedulingReadiness feature gate."
items:
description: PodSchedulingGate is associated to a Pod to
guard its scheduling.
properties:
name:
description: Name of the scheduling gate. Each scheduling
gate must have a unique name field.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext:
description: 'SecurityContext holds pod-level security attributes
and common container settings. Optional: Defaults to empty. See
type description for default values of each field.'
properties:
fsGroup:
description: "A special supplemental group that applies
to all containers in a pod. Some volume types allow
the Kubelet to change the ownership of that volume to
be owned by the pod: \n 1. The owning GID will be the
FSGroup 2. The setgid bit is set (new files created
in the volume will be owned by FSGroup) 3. The permission
bits are OR'd with rw-rw---- \n If unset, the Kubelet
will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name
is windows."
format: int64
type: integer
fsGroupChangePolicy:
description: 'fsGroupChangePolicy defines behavior of
changing ownership and permission of the volume before
being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and
permissions). It will have no effect on ephemeral volume
types such as: secret, configmaps and emptydir. Valid
values are "OnRootMismatch" and "Always". If not specified,
"Always" is used. Note that this field cannot be set
when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be
set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container. Note that this
field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as
a non-root user. If true, the Kubelet will validate
the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it
does. If unset or false, no such validation will be
performed. May also be set in SecurityContext. If set
in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
for that container. Note that this field cannot be set
when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to all
containers. If unspecified, the container runtime will
allocate a random SELinux context for each container. May
also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container. Note that this
field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by the containers
in this pod. Note that this field cannot be set when
spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used. The
profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's
configured seccomp profile location. Must only be
set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp
profile will be applied. Valid options are: \n Localhost
- a profile defined in a file on the node should
be used. RuntimeDefault - the container runtime
default profile should be used. Unconfined - no
profile should be applied."
type: string
required:
- type
type: object
supplementalGroups:
description: A list of groups applied to the first process
run in each container, in addition to the container's
primary GID, the fsGroup (if specified), and group memberships
defined in the container image for the uid of the container
process. If unspecified, no additional groups are added
to any container. Note that group memberships defined
in the container image for the uid of the container
process are still effective, even if they are not included
in this list. Note that this field cannot be set when
spec.os.name is windows.
items:
format: int64
type: integer
type: array
sysctls:
description: Sysctls hold a list of namespaced sysctls
used for the pod. Pods with unsupported sysctls (by
the container runtime) might fail to launch. Note that
this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be
set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: The Windows specific settings applied to
all containers. If unspecified, the options within a
container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec
named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container. This
field is alpha-level and will only be honored by
components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the feature
flag will result in errors when validating the Pod.
All of a Pod's containers must have the same effective
HostProcess value (it is not allowed to have a mix
of HostProcess containers and non-HostProcess containers). In
addition, if HostProcess is true then HostNetwork
must also be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
serviceAccount:
description: 'DeprecatedServiceAccount is a depreciated alias
for ServiceAccountName. Deprecated: Use serviceAccountName
instead.'
type: string
serviceAccountName:
description: 'ServiceAccountName is the name of the ServiceAccount
to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
type: string
setHostnameAsFQDN:
description: If true the pod's hostname will be configured
as the pod's FQDN, rather than the leaf name (the default).
In Linux containers, this means setting the FQDN in the
hostname field of the kernel (the nodename field of struct
utsname). In Windows containers, this means setting the
registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
to FQDN. If a pod does not have FQDN, this has no effect.
Default to false.
type: boolean
shareProcessNamespace:
description: 'Share a single process namespace between all
of the containers in a pod. When this is set containers
will be able to view and signal processes from other containers
in the same pod, and the first process in each container
will not be assigned PID 1. HostPID and ShareProcessNamespace
cannot both be set. Optional: Default to false.'
type: boolean
subdomain:
description: If specified, the fully qualified Pod hostname
will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster
domain>". If not specified, the pod will not have a domainname
at all.
type: string
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod needs to
terminate gracefully. May be decreased in delete request.
Value must be non-negative integer. The value zero indicates
stop immediately via the kill signal (no opportunity to
shut down). If this value is nil, the default grace period
will be used instead. The grace period is the duration in
seconds after the processes running in the pod are sent
a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer
than the expected cleanup time for your process. Defaults
to 30 seconds.
format: int64
type: integer
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified,
allowed values are NoSchedule, PreferNoSchedule and
NoExecute.
type: string
key:
description: Key is the taint key that the toleration
applies to. Empty means match all taint keys. If the
key is empty, operator must be Exists; this combination
means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship
to the value. Valid operators are Exists and Equal.
Defaults to Equal. Exists is equivalent to wildcard
for value, so that a pod can tolerate all taints of
a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period
of time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the
taint forever (do not evict). Zero and negative values
will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration
matches to. If the operator is Exists, the value should
be empty, otherwise just a regular string.
type: string
type: object
type: array
topologySpreadConstraints:
description: TopologySpreadConstraints describes how a group
of pods ought to spread across topology domains. Scheduler
will schedule pods in a way which abides by the constraints.
All topologySpreadConstraints are ANDed.
items:
description: TopologySpreadConstraint specifies how to spread
matching pods among the given topology.
properties:
labelSelector:
description: LabelSelector is used to find matching
pods. Pods that match this label selector are counted
to determine the number of pods in their corresponding
topology domain.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
description: "MatchLabelKeys is a set of pod label keys
to select the pods over which spreading will be calculated.
The keys are used to lookup values from the incoming
pod labels, those key-value labels are ANDed with
labelSelector to select the group of existing pods
over which spreading will be calculated for the incoming
pod. The same key is forbidden to exist in both MatchLabelKeys
and LabelSelector. MatchLabelKeys cannot be set when
LabelSelector isn't set. Keys that don't exist in
the incoming pod labels will be ignored. A null or
empty list means only match against labelSelector.
\n This is a beta field and requires the MatchLabelKeysInPodTopologySpread
feature gate to be enabled (enabled by default)."
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which
pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the
number of matching pods in the target topology and
the global minimum. The global minimum is the minimum
number of matching pods in an eligible domain or zero
if the number of eligible domains is less than MinDomains.
For example, in a 3-zone cluster, MaxSkew is set to
1, and pods with the same labelSelector spread as
2/2/1: In this case, the global minimum is 1. | zone1
| zone2 | zone3 | | P P | P P | P | - if MaxSkew
is 1, incoming pod can only be scheduled to zone3
to become 2/2/2; scheduling it onto zone1(zone2) would
make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).
- if MaxSkew is 2, incoming pod can be scheduled onto
any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies
that satisfy it. It''s a required field. Default value
is 1 and 0 is not allowed.'
format: int32
type: integer
minDomains:
description: "MinDomains indicates a minimum number
of eligible domains. When the number of eligible domains
with matching topology keys is less than minDomains,
Pod Topology Spread treats \"global minimum\" as 0,
and then the calculation of Skew is performed. And
when the number of eligible domains with matching
topology keys equals or greater than minDomains, this
value has no effect on scheduling. As a result, when
the number of eligible domains is less than minDomains,
scheduler won't schedule more than maxSkew Pods to
those domains. If value is nil, the constraint behaves
as if MinDomains is equal to 1. Valid values are integers
greater than 0. When value is not nil, WhenUnsatisfiable
must be DoNotSchedule. \n For example, in a 3-zone
cluster, MaxSkew is set to 2, MinDomains is set to
5 and pods with the same labelSelector spread as 2/2/2:
| zone1 | zone2 | zone3 | | P P | P P | P P |
The number of domains is less than 5(MinDomains),
so \"global minimum\" is treated as 0. In this situation,
new pod with the same labelSelector cannot be scheduled,
because computed skew will be 3(3 - 0) if new Pod
is scheduled to any of the three zones, it will violate
MaxSkew. \n This is a beta field and requires the
MinDomainsInPodTopologySpread feature gate to be enabled
(enabled by default)."
format: int32
type: integer
nodeAffinityPolicy:
description: "NodeAffinityPolicy indicates how we will
treat Pod's nodeAffinity/nodeSelector when calculating
pod topology spread skew. Options are: - Honor: only
nodes matching nodeAffinity/nodeSelector are included
in the calculations. - Ignore: nodeAffinity/nodeSelector
are ignored. All nodes are included in the calculations.
\n If this value is nil, the behavior is equivalent
to the Honor policy. This is a beta-level feature
default enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
nodeTaintsPolicy:
description: "NodeTaintsPolicy indicates how we will
treat node taints when calculating pod topology spread
skew. Options are: - Honor: nodes without taints,
along with tainted nodes for which the incoming pod
has a toleration, are included. - Ignore: node taints
are ignored. All nodes are included. \n If this value
is nil, the behavior is equivalent to the Ignore policy.
This is a beta-level feature default enabled by the
NodeInclusionPolicyInPodTopologySpread feature flag."
type: string
topologyKey:
description: TopologyKey is the key of node labels.
Nodes that have a label with this key and identical
values are considered to be in the same topology.
We consider each <key, value> as a "bucket", and try
to put balanced number of pods into each bucket. We
define a domain as a particular instance of a topology.
Also, we define an eligible domain as a domain whose
nodes meet the requirements of nodeAffinityPolicy
and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
each Node is a domain of that topology. And, if TopologyKey
is "topology.kubernetes.io/zone", each zone is a domain
of that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal
with a pod if it doesn''t satisfy the spread constraint.
- DoNotSchedule (default) tells the scheduler not
to schedule it. - ScheduleAnyway tells the scheduler
to schedule the pod in any location, but giving higher
precedence to topologies that would help reduce the
skew. A constraint is considered "Unsatisfiable" for
an incoming pod if and only if every possible node
assignment for that pod would violate "MaxSkew" on
some topology. For example, in a 3-zone cluster, MaxSkew
is set to 1, and pods with the same labelSelector
spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P
| P | P | If WhenUnsatisfiable is set to DoNotSchedule,
incoming pod can only be scheduled to zone2(zone3)
to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
satisfies MaxSkew(1). In other words, the cluster
can still be imbalanced, but scheduler won''t make
it *more* imbalanced. It''s a required field.'
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
x-kubernetes-list-map-keys:
- topologyKey
- whenUnsatisfiable
x-kubernetes-list-type: map
volumes:
description: 'List of volumes that can be mounted by containers
belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
items:
description: Volume represents a named volume in a pod that
may be accessed by any container in the pod.
properties:
awsElasticBlockStore:
description: 'awsElasticBlockStore represents an AWS
Disk resource that is attached to a kubelet''s host
machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
description: 'fsType is the filesystem type of the
volume that you want to mount. Tip: Ensure that
the filesystem type is supported by the host operating
system. Examples: "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
description: 'partition is the partition in the
volume that you want to mount. If omitted, the
default is to mount by volume name. Examples:
For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for /dev/sda
is "0" (or you can leave the property empty).'
format: int32
type: integer
readOnly:
description: 'readOnly value true will force the
readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
description: 'volumeID is unique ID of the persistent
disk resource in AWS (Amazon EBS volume). More
info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
description: azureDisk represents an Azure Data Disk
mount on the host and bind mount to the pod.
properties:
cachingMode:
description: 'cachingMode is the Host Caching mode:
None, Read Only, Read Write.'
type: string
diskName:
description: diskName is the Name of the data disk
in the blob storage
type: string
diskURI:
description: diskURI is the URI of data disk in
the blob storage
type: string
fsType:
description: fsType is Filesystem type to mount.
Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
kind:
description: 'kind expected values are Shared: multiple
blob disks per storage account Dedicated: single
blob disk per storage account Managed: azure
managed data disk (only in managed availability
set). defaults to shared'
type: string
readOnly:
description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
description: azureFile represents an Azure File Service
mount on the host and bind mount to the pod.
properties:
readOnly:
description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretName:
description: secretName is the name of secret that
contains Azure Storage Account Name and Key
type: string
shareName:
description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
description: cephFS represents a Ceph FS mount on the
host that shares a pod's lifetime
properties:
monitors:
description: 'monitors is Required: Monitors is
a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
description: 'path is Optional: Used as the mounted
root, rather than the full Ceph tree, default
is /'
type: string
readOnly:
description: 'readOnly is Optional: Defaults to
false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
description: 'secretFile is Optional: SecretFile
is the path to key ring for User, default is /etc/ceph/user.secret
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
description: 'secretRef is Optional: SecretRef is
reference to the authentication secret for User,
default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
user:
description: 'user is optional: User is the rados
user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
description: 'cinder represents a cinder volume attached
and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
description: 'fsType is the filesystem type to mount.
Must be a filesystem type supported by the host
operating system. Examples: "ext4", "xfs", "ntfs".
Implicitly inferred to be "ext4" if unspecified.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
description: 'readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
description: 'secretRef is optional: points to a
secret object containing parameters used to connect
to OpenStack.'
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
volumeID:
description: 'volumeID used to identify the volume
in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
description: configMap represents a configMap that should
populate this volume
properties:
defaultMode:
description: 'defaultMode is optional: mode bits
used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or
a decimal value between 0 and 511. YAML accepts
both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories
within the path are not affected by this setting.
This might be in conflict with other options that
affect the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
items:
description: items if unspecified, each key-value
pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file whose
name is the key and content is the value. If specified,
the listed keys will be projected into the specified
paths, and unlisted keys will not be present.
If a key is specified which is not present in
the ConfigMap, the volume setup will error unless
it is marked optional. Paths must be relative
and may not contain the '..' path or start with
'..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: key is the key to project.
type: string
mode:
description: 'mode is Optional: mode bits
used to set permissions on this file. Must
be an octal value between 0000 and 0777
or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON
requires decimal values for mode bits. If
not specified, the volume defaultMode will
be used. This might be in conflict with
other options that affect the file mode,
like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: path is the relative path of
the file to map the key to. May not be an
absolute path. May not contain the path
element '..'. May not start with the string
'..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: optional specify whether the ConfigMap
or its keys must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
csi:
description: csi (Container Storage Interface) represents
ephemeral storage that is handled by certain external
CSI drivers (Beta feature).
properties:
driver:
description: driver is the name of the CSI driver
that handles this volume. Consult with your admin
for the correct name as registered in the cluster.
type: string
fsType:
description: fsType to mount. Ex. "ext4", "xfs",
"ntfs". If not provided, the empty value is passed
to the associated CSI driver which will determine
the default filesystem to apply.
type: string
nodePublishSecretRef:
description: nodePublishSecretRef is a reference
to the secret object containing sensitive information
to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
This field is optional, and may be empty if no
secret is required. If the secret object contains
more than one secret, all secret references are
passed.
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
readOnly:
description: readOnly specifies a read-only configuration
for the volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: volumeAttributes stores driver-specific
properties that are passed to the CSI driver.
Consult your driver's documentation for supported
values.
type: object
required:
- driver
type: object
downwardAPI:
description: downwardAPI represents downward API about
the pod that should populate this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created
files by default. Must be a Optional: mode bits
used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or
a decimal value between 0 and 511. YAML accepts
both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories
within the path are not affected by this setting.
This might be in conflict with other options that
affect the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
items:
description: Items is a list of downward API volume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing the
pod field
properties:
fieldRef:
description: 'Required: Selects a field of
the pod: only annotations, labels, name
and namespace are supported.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of, defaults
to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used to
set permissions on this file, must be an
octal value between 0000 and 0777 or a decimal
value between 0 and 511. YAML accepts both
octal and decimal values, JSON requires
decimal values for mode bits. If not specified,
the volume defaultMode will be used. This
might be in conflict with other options
that affect the file mode, like fsGroup,
and the result can be other mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative
path name of the file to be created. Must
not be absolute or contain the ''..'' path.
Must be utf-8 encoded. The first item of
the relative path must not start with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, requests.cpu and requests.memory)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
description: 'emptyDir represents a temporary directory
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
description: 'medium represents what type of storage
medium should back this directory. The default
is "" which means to use the node''s default medium.
Must be an empty string (default) or Memory. More
info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: 'sizeLimit is the total amount of local
storage required for this EmptyDir volume. The
size limit is also applicable for memory medium.
The maximum usage on memory medium EmptyDir would
be the minimum value between the SizeLimit specified
here and the sum of memory limits of all containers
in a pod. The default is nil which means that
the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
description: "ephemeral represents a volume that is
handled by a cluster storage driver. The volume's
lifecycle is tied to the pod that defines it - it
will be created before the pod starts, and deleted
when the pod is removed. \n Use this if: a) the volume
is only needed while the pod runs, b) features of
normal volumes like restoring from snapshot or capacity
tracking are needed, c) the storage driver is specified
through a storage class, and d) the storage driver
supports dynamic volume provisioning through a PersistentVolumeClaim
(see EphemeralVolumeSource for more information on
the connection between this volume type and PersistentVolumeClaim).
\n Use PersistentVolumeClaim or one of the vendor-specific
APIs for volumes that persist for longer than the
lifecycle of an individual pod. \n Use CSI for light-weight
local ephemeral volumes if the CSI driver is meant
to be used that way - see the documentation of the
driver for more information. \n A pod can use both
types of ephemeral volumes and persistent volumes
at the same time."
properties:
volumeClaimTemplate:
description: "Will be used to create a stand-alone
PVC to provision the volume. The pod in which
this EphemeralVolumeSource is embedded will be
the owner of the PVC, i.e. the PVC will be deleted
together with the pod. The name of the PVC will
be `<pod name>-<volume name>` where `<volume name>`
is the name from the `PodSpec.Volumes` array entry.
Pod validation will reject the pod if the concatenated
name is not valid for a PVC (for example, too
long). \n An existing PVC with that name that
is not owned by the pod will *not* be used for
the pod to avoid using an unrelated volume by
mistake. Starting the pod is then blocked until
the unrelated PVC is removed. If such a pre-created
PVC is meant to be used by the pod, the PVC has
to updated with an owner reference to the pod
once the pod exists. Normally this should not
be necessary, but it may be useful when manually
reconstructing a broken cluster. \n This field
is read-only and no changes will be made by Kubernetes
to the PVC after it has been created. \n Required,
must not be nil."
properties:
metadata:
description: May contain labels and annotations
that will be copied into the PVC when creating
it. No other fields are allowed and will be
rejected during validation.
type: object
spec:
description: The specification for the PersistentVolumeClaim.
The entire content is copied unchanged into
the PVC that gets created from this template.
The same fields as in a PersistentVolumeClaim
are also valid here.
properties:
accessModes:
description: 'accessModes contains the desired
access modes the volume should have. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
description: 'dataSource field can be used
to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
If the provisioner or an external controller
can support the specified data source,
it will create a new volume based on the
contents of the specified data source.
When the AnyVolumeDataSource feature gate
is enabled, dataSource contents will be
copied to dataSourceRef, and dataSourceRef
contents will be copied to dataSource
when dataSourceRef.namespace is not specified.
If the namespace is specified, then dataSourceRef
will not be copied to dataSource.'
properties:
apiGroup:
description: APIGroup is the group for
the resource being referenced. If
APIGroup is not specified, the specified
Kind must be in the core API group.
For any other third-party types, APIGroup
is required.
type: string
kind:
description: Kind is the type of resource
being referenced
type: string
name:
description: Name is the name of resource
being referenced
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
description: 'dataSourceRef specifies the
object from which to populate the volume
with data, if a non-empty volume is desired.
This may be any object from a non-empty
API group (non core object) or a PersistentVolumeClaim
object. When this field is specified,
volume binding will only succeed if the
type of the specified object matches some
installed volume populator or dynamic
provisioner. This field will replace the
functionality of the dataSource field
and as such if both fields are non-empty,
they must have the same value. For backwards
compatibility, when namespace isn''t specified
in dataSourceRef, both fields (dataSource
and dataSourceRef) will be set to the
same value automatically if one of them
is empty and the other is non-empty. When
namespace is specified in dataSourceRef,
dataSource isn''t set to the same value
and must be empty. There are three important
differences between dataSource and dataSourceRef:
* While dataSource only allows two specific
types of objects, dataSourceRef allows
any non-core object, as well as PersistentVolumeClaim
objects. * While dataSource ignores disallowed
values (dropping them), dataSourceRef
preserves all values, and generates an
error if a disallowed value is specified.
* While dataSource only allows local objects,
dataSourceRef allows objects in any namespaces.
(Beta) Using this field requires the AnyVolumeDataSource
feature gate to be enabled. (Alpha) Using
the namespace field of dataSourceRef requires
the CrossNamespaceVolumeDataSource feature
gate to be enabled.'
properties:
apiGroup:
description: APIGroup is the group for
the resource being referenced. If
APIGroup is not specified, the specified
Kind must be in the core API group.
For any other third-party types, APIGroup
is required.
type: string
kind:
description: Kind is the type of resource
being referenced
type: string
name:
description: Name is the name of resource
being referenced
type: string
namespace:
description: Namespace is the namespace
of resource being referenced Note
that when a namespace is specified,
a gateway.networking.k8s.io/ReferenceGrant
object is required in the referent
namespace to allow that namespace's
owner to accept the reference. See
the ReferenceGrant documentation for
details. (Alpha) This field requires
the CrossNamespaceVolumeDataSource
feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
description: 'resources represents the minimum
resources the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to
specify resource requirements that are
lower than previous value but must still
be higher than capacity recorded in the
status field of the claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
claims:
description: "Claims lists the names
of resources, defined in spec.resourceClaims,
that are used by this container. \n
This is an alpha field and requires
enabling the DynamicResourceAllocation
feature gate. \n This field is immutable.
It can only be set for containers."
items:
description: ResourceClaim references
one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the
name of one entry in pod.spec.resourceClaims
of the Pod where this field
is used. It makes that resource
available inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum
amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the
minimum amount of compute resources
required. If Requests is omitted for
a container, it defaults to Limits
if that is explicitly specified, otherwise
to an implementation-defined value.
Requests cannot exceed Limits. More
info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
description: selector is a label query over
volumes to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array
of string values. If the operator
is In or NotIn, the values array
must be non-empty. If the operator
is Exists or DoesNotExist, the
values array must be empty.
This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs. A single {key,value}
in the matchLabels map is equivalent
to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are
ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
description: 'storageClassName is the name
of the StorageClass required by the claim.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type
of volume is required by the claim. Value
of Filesystem is implied when not included
in claim spec.
type: string
volumeName:
description: volumeName is the binding reference
to the PersistentVolume backing this claim.
type: string
type: object
required:
- spec
type: object
type: object
fc:
description: fc represents a Fibre Channel resource
that is attached to a kubelet's host machine and then
exposed to the pod.
properties:
fsType:
description: 'fsType is the filesystem type to mount.
Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. TODO: how
do we prevent errors in the filesystem from compromising
the machine'
type: string
lun:
description: 'lun is Optional: FC target lun number'
format: int32
type: integer
readOnly:
description: 'readOnly is Optional: Defaults to
false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
description: 'targetWWNs is Optional: FC target
worldwide names (WWNs)'
items:
type: string
type: array
wwids:
description: 'wwids Optional: FC volume world wide
identifiers (wwids) Either wwids or combination
of targetWWNs and lun must be set, but not both
simultaneously.'
items:
type: string
type: array
type: object
flexVolume:
description: flexVolume represents a generic volume
resource that is provisioned/attached using an exec
based plugin.
properties:
driver:
description: driver is the name of the driver to
use for this volume.
type: string
fsType:
description: fsType is the filesystem type to mount.
Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". The
default filesystem depends on FlexVolume script.
type: string
options:
additionalProperties:
type: string
description: 'options is Optional: this field holds
extra command options if any.'
type: object
readOnly:
description: 'readOnly is Optional: defaults to
false (read/write). ReadOnly here will force the
ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
description: 'secretRef is Optional: secretRef is
reference to the secret object containing sensitive
information to pass to the plugin scripts. This
may be empty if no secret object is specified.
If the secret object contains more than one secret,
all secrets are passed to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
description: flocker represents a Flocker volume attached
to a kubelet's host machine. This depends on the Flocker
control service being running
properties:
datasetName:
description: datasetName is Name of the dataset
stored as metadata -> name on the dataset for
Flocker should be considered as deprecated
type: string
datasetUUID:
description: datasetUUID is the UUID of the dataset.
This is unique identifier of a Flocker dataset
type: string
type: object
gcePersistentDisk:
description: 'gcePersistentDisk represents a GCE Disk
resource that is attached to a kubelet''s host machine
and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
description: 'fsType is filesystem type of the volume
that you want to mount. Tip: Ensure that the filesystem
type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred
to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
description: 'partition is the partition in the
volume that you want to mount. If omitted, the
default is to mount by volume name. Examples:
For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for /dev/sda
is "0" (or you can leave the property empty).
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
description: 'pdName is unique name of the PD resource
in GCE. Used to identify the disk in GCE. More
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false. More
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
required:
- pdName
type: object
gitRepo:
description: 'gitRepo represents a git repository at
a particular revision. DEPRECATED: GitRepo is deprecated.
To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo
using git, then mount the EmptyDir into the Pod''s
container.'
properties:
directory:
description: directory is the target directory name.
Must not contain or start with '..'. If '.' is
supplied, the volume directory will be the git
repository. Otherwise, if specified, the volume
will contain the git repository in the subdirectory
with the given name.
type: string
repository:
description: repository is the URL
type: string
revision:
description: revision is the commit hash for the
specified revision.
type: string
required:
- repository
type: object
glusterfs:
description: 'glusterfs represents a Glusterfs mount
on the host that shares a pod''s lifetime. More info:
https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
description: 'endpoints is the endpoint name that
details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
description: 'path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
description: 'readOnly here will force the Glusterfs
volume to be mounted with read-only permissions.
Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
required:
- endpoints
- path
type: object
hostPath:
description: 'hostPath represents a pre-existing file
or directory on the host machine that is directly
exposed to the container. This is generally used for
system agents or other privileged things that are
allowed to see the host machine. Most containers will
NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
--- TODO(jonesdl) We need to restrict who can use
host directory mounts and who can/can not mount host
directories as read/write.'
properties:
path:
description: 'path of the directory on the host.
If the path is a symlink, it will follow the link
to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
description: 'type for HostPath Volume Defaults
to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
description: 'iscsi represents an ISCSI Disk resource
that is attached to a kubelet''s host machine and
then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
description: chapAuthDiscovery defines whether support
iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
description: chapAuthSession defines whether support
iSCSI Session CHAP authentication
type: boolean
fsType:
description: 'fsType is the filesystem type of the
volume that you want to mount. Tip: Ensure that
the filesystem type is supported by the host operating
system. Examples: "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. More info:
https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
initiatorName:
description: initiatorName is the custom iSCSI Initiator
Name. If initiatorName is specified with iscsiInterface
simultaneously, new iSCSI interface <target portal>:<volume
name> will be created for the connection.
type: string
iqn:
description: iqn is the target iSCSI Qualified Name.
type: string
iscsiInterface:
description: iscsiInterface is the interface Name
that uses an iSCSI transport. Defaults to 'default'
(tcp).
type: string
lun:
description: lun represents iSCSI Target Lun number.
format: int32
type: integer
portals:
description: portals is the iSCSI Target Portal
List. The portal is either an IP or ip_addr:port
if the port is other than default (typically TCP
ports 860 and 3260).
items:
type: string
type: array
readOnly:
description: readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
description: secretRef is the CHAP Secret for iSCSI
target and initiator authentication
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
targetPortal:
description: targetPortal is iSCSI Target Portal.
The Portal is either an IP or ip_addr:port if
the port is other than default (typically TCP
ports 860 and 3260).
type: string
required:
- iqn
- lun
- targetPortal
type: object
name:
description: 'name of the volume. Must be a DNS_LABEL
and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
nfs:
description: 'nfs represents an NFS mount on the host
that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
description: 'path that is exported by the NFS server.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
description: 'readOnly here will force the NFS export
to be mounted with read-only permissions. Defaults
to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
description: 'server is the hostname or IP address
of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'persistentVolumeClaimVolumeSource represents
a reference to a PersistentVolumeClaim in the same
namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
description: readOnly Will force the ReadOnly setting
in VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host
machine
properties:
fsType:
description: fsType is the filesystem type to mount.
Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
pdID:
description: pdID is the ID that identifies Photon
Controller persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
description: portworxVolume represents a portworx volume
attached and mounted on kubelets host machine
properties:
fsType:
description: fSType represents the filesystem type
to mount Must be a filesystem type supported by
the host operating system. Ex. "ext4", "xfs".
Implicitly inferred to be "ext4" if unspecified.
type: string
readOnly:
description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
volumeID:
description: volumeID uniquely identifies a Portworx
volume
type: string
required:
- volumeID
type: object
projected:
description: projected items for all in one resources
secrets, configmaps, and downward API
properties:
defaultMode:
description: defaultMode are the mode bits used
to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or
a decimal value between 0 and 511. YAML accepts
both octal and decimal values, JSON requires decimal
values for mode bits. Directories within the path
are not affected by this setting. This might be
in conflict with other options that affect the
file mode, like fsGroup, and the result can be
other mode bits set.
format: int32
type: integer
sources:
description: sources is the list of volume projections
items:
description: Projection that may be projected
along with other supported volume types
properties:
configMap:
description: configMap information about the
configMap data to project
properties:
items:
description: items if unspecified, each
key-value pair in the Data field of
the referenced ConfigMap will be projected
into the volume as a file whose name
is the key and content is the value.
If specified, the listed keys will be
projected into the specified paths,
and unlisted keys will not be present.
If a key is specified which is not present
in the ConfigMap, the volume setup will
error unless it is marked optional.
Paths must be relative and may not contain
the '..' path or start with '..'.
items:
description: Maps a string key to a
path within a volume.
properties:
key:
description: key is the key to project.
type: string
mode:
description: 'mode is Optional:
mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777 or
a decimal value between 0 and
511. YAML accepts both octal and
decimal values, JSON requires
decimal values for mode bits.
If not specified, the volume defaultMode
will be used. This might be in
conflict with other options that
affect the file mode, like fsGroup,
and the result can be other mode
bits set.'
format: int32
type: integer
path:
description: path is the relative
path of the file to map the key
to. May not be an absolute path.
May not contain the path element
'..'. May not start with the string
'..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: optional specify whether
the ConfigMap or its keys must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
downwardAPI:
description: downwardAPI information about
the downwardAPI data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing
the pod field
properties:
fieldRef:
description: 'Required: Selects
a field of the pod: only annotations,
labels, name and namespace are
supported.'
properties:
apiVersion:
description: Version of the
schema the FieldPath is written
in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field
to select in the specified
API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits
used to set permissions on this
file, must be an octal value between
0000 and 0777 or a decimal value
between 0 and 511. YAML accepts
both octal and decimal values,
JSON requires decimal values for
mode bits. If not specified, the
volume defaultMode will be used.
This might be in conflict with
other options that affect the
file mode, like fsGroup, and the
result can be other mode bits
set.'
format: int32
type: integer
path:
description: 'Required: Path is the
relative path name of the file
to be created. Must not be absolute
or contain the ''..'' path. Must
be utf-8 encoded. The first item
of the relative path must not
start with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource
of the container: only resources
limits and requests (limits.cpu,
limits.memory, requests.cpu and
requests.memory) are currently
supported.'
properties:
containerName:
description: 'Container name:
required for volumes, optional
for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource
to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
description: secret information about the
secret data to project
properties:
items:
description: items if unspecified, each
key-value pair in the Data field of
the referenced Secret will be projected
into the volume as a file whose name
is the key and content is the value.
If specified, the listed keys will be
projected into the specified paths,
and unlisted keys will not be present.
If a key is specified which is not present
in the Secret, the volume setup will
error unless it is marked optional.
Paths must be relative and may not contain
the '..' path or start with '..'.
items:
description: Maps a string key to a
path within a volume.
properties:
key:
description: key is the key to project.
type: string
mode:
description: 'mode is Optional:
mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777 or
a decimal value between 0 and
511. YAML accepts both octal and
decimal values, JSON requires
decimal values for mode bits.
If not specified, the volume defaultMode
will be used. This might be in
conflict with other options that
affect the file mode, like fsGroup,
and the result can be other mode
bits set.'
format: int32
type: integer
path:
description: path is the relative
path of the file to map the key
to. May not be an absolute path.
May not contain the path element
'..'. May not start with the string
'..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: optional field specify whether
the Secret or its key must be defined
type: boolean
type: object
x-kubernetes-map-type: atomic
serviceAccountToken:
description: serviceAccountToken is information
about the serviceAccountToken data to project
properties:
audience:
description: audience is the intended
audience of the token. A recipient of
a token must identify itself with an
identifier specified in the audience
of the token, and otherwise should reject
the token. The audience defaults to
the identifier of the apiserver.
type: string
expirationSeconds:
description: expirationSeconds is the
requested duration of validity of the
service account token. As the token
approaches expiration, the kubelet volume
plugin will proactively rotate the service
account token. The kubelet will start
trying to rotate the token if the token
is older than 80 percent of its time
to live or if the token is older than
24 hours.Defaults to 1 hour and must
be at least 10 minutes.
format: int64
type: integer
path:
description: path is the path relative
to the mount point of the file to project
the token into.
type: string
required:
- path
type: object
type: object
type: array
type: object
quobyte:
description: quobyte represents a Quobyte mount on the
host that shares a pod's lifetime
properties:
group:
description: group to map volume access to Default
is no group
type: string
readOnly:
description: readOnly here will force the Quobyte
volume to be mounted with read-only permissions.
Defaults to false.
type: boolean
registry:
description: registry represents a single or multiple
Quobyte Registry services specified as a string
as host:port pair (multiple entries are separated
with commas) which acts as the central registry
for volumes
type: string
tenant:
description: tenant owning the given Quobyte volume
in the Backend Used with dynamically provisioned
Quobyte volumes, value is set by the plugin
type: string
user:
description: user to map volume access to Defaults
to serivceaccount user
type: string
volume:
description: volume is a string that references
an already created Quobyte volume by name.
type: string
required:
- registry
- volume
type: object
rbd:
description: 'rbd represents a Rados Block Device mount
on the host that shares a pod''s lifetime. More info:
https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
description: 'fsType is the filesystem type of the
volume that you want to mount. Tip: Ensure that
the filesystem type is supported by the host operating
system. Examples: "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. More info:
https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
image:
description: 'image is the rados image name. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
description: 'keyring is the path to key ring for
RBDUser. Default is /etc/ceph/keyring. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
description: 'monitors is a collection of Ceph monitors.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
description: 'pool is the rados pool name. Default
is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
description: 'secretRef is name of the authentication
secret for RBDUser. If provided overrides keyring.
Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
user:
description: 'user is the rados user name. Default
is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
description: scaleIO represents a ScaleIO persistent
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
description: fsType is the filesystem type to mount.
Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Default
is "xfs".
type: string
gateway:
description: gateway is the host address of the
ScaleIO API Gateway.
type: string
protectionDomain:
description: protectionDomain is the name of the
ScaleIO Protection Domain for the configured storage.
type: string
readOnly:
description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
description: secretRef references to the secret
for ScaleIO user and other sensitive information.
If this is not provided, Login operation will
fail.
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
sslEnabled:
description: sslEnabled Flag enable/disable SSL
communication with Gateway, default false
type: boolean
storageMode:
description: storageMode indicates whether the storage
for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.
type: string
storagePool:
description: storagePool is the ScaleIO Storage
Pool associated with the protection domain.
type: string
system:
description: system is the name of the storage system
as configured in ScaleIO.
type: string
volumeName:
description: volumeName is the name of a volume
already created in the ScaleIO system that is
associated with this volume source.
type: string
required:
- gateway
- secretRef
- system
type: object
secret:
description: 'secret represents a secret that should
populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
description: 'defaultMode is Optional: mode bits
used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or
a decimal value between 0 and 511. YAML accepts
both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories
within the path are not affected by this setting.
This might be in conflict with other options that
affect the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
items:
description: items If unspecified, each key-value
pair in the Data field of the referenced Secret
will be projected into the volume as a file whose
name is the key and content is the value. If specified,
the listed keys will be projected into the specified
paths, and unlisted keys will not be present.
If a key is specified which is not present in
the Secret, the volume setup will error unless
it is marked optional. Paths must be relative
and may not contain the '..' path or start with
'..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: key is the key to project.
type: string
mode:
description: 'mode is Optional: mode bits
used to set permissions on this file. Must
be an octal value between 0000 and 0777
or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON
requires decimal values for mode bits. If
not specified, the volume defaultMode will
be used. This might be in conflict with
other options that affect the file mode,
like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: path is the relative path of
the file to map the key to. May not be an
absolute path. May not contain the path
element '..'. May not start with the string
'..'.
type: string
required:
- key
- path
type: object
type: array
optional:
description: optional field specify whether the
Secret or its keys must be defined
type: boolean
secretName:
description: 'secretName is the name of the secret
in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
description: storageOS represents a StorageOS volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
description: fsType is the filesystem type to mount.
Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
readOnly:
description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
description: secretRef specifies the secret to use
for obtaining the StorageOS API credentials. If
not specified, default values will be attempted.
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
volumeName:
description: volumeName is the human-readable name
of the StorageOS volume. Volume names are only
unique within a namespace.
type: string
volumeNamespace:
description: volumeNamespace specifies the scope
of the volume within StorageOS. If no namespace
is specified then the Pod's namespace will be
used. This allows the Kubernetes name scoping
to be mirrored within StorageOS for tighter integration.
Set VolumeName to any name to override the default
behaviour. Set to "default" if you are not using
namespaces within StorageOS. Namespaces that do
not pre-exist within StorageOS will be created.
type: string
type: object
vsphereVolume:
description: vsphereVolume represents a vSphere volume
attached and mounted on kubelets host machine
properties:
fsType:
description: fsType is filesystem type to mount.
Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
storagePolicyID:
description: storagePolicyID is the storage Policy
Based Management (SPBM) profile ID associated
with the StoragePolicyName.
type: string
storagePolicyName:
description: storagePolicyName is the storage Policy
Based Management (SPBM) profile name.
type: string
volumePath:
description: volumePath is the path that identifies
vSphere volume vmdk
type: string
required:
- volumePath
type: object
required:
- name
type: object
type: array
required:
- containers
type: object
type: object
type:
default: rw
description: Which instances we must forward traffic to?
enum:
- rw
- ro
type: string
required:
- cluster
- instances
- pgbouncer
- type
type: object
status:
description: PoolerStatus defines the observed state of Pooler
properties:
instances:
description: The number of pods trying to be scheduled
format: int32
type: integer
secrets:
description: The resource version of the config object
properties:
clientCA:
description: The client CA secret version
properties:
name:
description: The name of the secret
type: string
version:
description: The ResourceVersion of the secret
type: string
type: object
pgBouncerSecrets:
description: The version of the secrets used by PgBouncer
properties:
authQuery:
description: The auth query secret version
properties:
name:
description: The name of the secret
type: string
version:
description: The ResourceVersion of the secret
type: string
type: object
type: object
serverCA:
description: The server CA secret version
properties:
name:
description: The name of the secret
type: string
version:
description: The ResourceVersion of the secret
type: string
type: object
serverTLS:
description: The server TLS secret version
properties:
name:
description: The name of the secret
type: string
version:
description: The ResourceVersion of the secret
type: string
type: object
type: object
type: object
type: object
served: true
storage: true
subresources:
scale:
specReplicasPath: .spec.instances
statusReplicasPath: .status.instances
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: scheduledbackups.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: ScheduledBackup
listKind: ScheduledBackupList
plural: scheduledbackups
singular: scheduledbackup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.cluster.name
name: Cluster
type: string
- jsonPath: .status.lastScheduleTime
name: Last Backup
type: date
name: v1
schema:
openAPIV3Schema:
description: ScheduledBackup is the Schema for the scheduledbackups API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the desired behavior of the ScheduledBackup.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
backupOwnerReference:
default: none
description: 'Indicates which ownerReference should be put inside
the created backup resources.<br /> - none: no owner reference for
created backup objects (same behavior as before the field was introduced)<br
/> - self: sets the Scheduled backup object as owner of the backup<br
/> - cluster: set the cluster as owner of the backup<br />'
enum:
- none
- self
- cluster
type: string
cluster:
description: The cluster to backup
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
immediate:
description: If the first backup has to be immediately start after
creation or not
type: boolean
schedule:
description: The schedule does not follow the same format used in
Kubernetes CronJobs as it includes an additional seconds specifier,
see https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format
type: string
suspend:
description: If this backup is suspended or not
type: boolean
target:
description: The policy to decide which instance should perform this
backup. If empty, it defaults to `cluster.spec.backup.target`. Available
options are empty string, `primary` and `prefer-standby`. `primary`
to have backups run always on primary instances, `prefer-standby`
to have backups run preferably on the most updated standby, if available.
enum:
- primary
- prefer-standby
type: string
required:
- schedule
type: object
status:
description: 'Most recently observed status of the ScheduledBackup. This
data may not be up to date. Populated by the system. Read-only. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
lastCheckTime:
description: The latest time the schedule
format: date-time
type: string
lastScheduleTime:
description: Information when was the last time that backup was successfully
scheduled.
format: date-time
type: string
nextScheduleTime:
description: Next time we will run a backup
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cnpg-manager
namespace: cnpg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cnpg-manager
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- get
- list
- patch
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- list
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- update
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- apiGroups:
- monitoring.coreos.com
resources:
- podmonitors
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- backups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- backups/status
verbs:
- get
- patch
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/finalizers
verbs:
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- poolers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- poolers/finalizers
verbs:
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- poolers/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- scheduledbackups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- scheduledbackups/status
verbs:
- get
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
verbs:
- create
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cnpg-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cnpg-manager
subjects:
- kind: ServiceAccount
name: cnpg-manager
namespace: cnpg-system
---
apiVersion: v1
data:
queries: |
backends:
query: |
SELECT sa.datname
, sa.usename
, sa.application_name
, states.state
, COALESCE(sa.count, 0) AS total
, COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds
FROM ( VALUES ('active')
, ('idle')
, ('idle in transaction')
, ('idle in transaction (aborted)')
, ('fastpath function call')
, ('disabled')
) AS states(state)
LEFT JOIN (
SELECT datname
, state
, usename
, COALESCE(application_name, '') AS application_name
, COUNT(*)
, COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
FROM pg_catalog.pg_stat_activity
GROUP BY datname, state, usename, application_name
) sa ON states.state = sa.state
WHERE sa.usename IS NOT NULL
metrics:
- datname:
usage: "LABEL"
description: "Name of the database"
- usename:
usage: "LABEL"
description: "Name of the user"
- application_name:
usage: "LABEL"
description: "Name of the application"
- state:
usage: "LABEL"
description: "State of the backend"
- total:
usage: "GAUGE"
description: "Number of backends"
- max_tx_duration_seconds:
usage: "GAUGE"
description: "Maximum duration of a transaction in seconds"
backends_waiting:
query: |
SELECT count(*) AS total
FROM pg_catalog.pg_locks blocked_locks
JOIN pg_catalog.pg_locks blocking_locks
ON blocking_locks.locktype = blocked_locks.locktype
AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page
AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple
AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid
AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid
AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid
AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
AND blocking_locks.pid != blocked_locks.pid
JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
WHERE NOT blocked_locks.granted
metrics:
- total:
usage: "GAUGE"
description: "Total number of backends that are currently waiting on other queries"
pg_database:
query: |
SELECT datname
, pg_catalog.pg_database_size(datname) AS size_bytes
, pg_catalog.age(datfrozenxid) AS xid_age
, pg_catalog.mxid_age(datminmxid) AS mxid_age
FROM pg_catalog.pg_database
metrics:
- datname:
usage: "LABEL"
description: "Name of the database"
- size_bytes:
usage: "GAUGE"
description: "Disk space used by the database"
- xid_age:
usage: "GAUGE"
description: "Number of transactions from the frozen XID to the current one"
- mxid_age:
usage: "GAUGE"
description: "Number of multiple transactions (Multixact) from the frozen XID to the current one"
pg_postmaster:
query: |
SELECT EXTRACT(EPOCH FROM pg_postmaster_start_time) AS start_time
FROM pg_catalog.pg_postmaster_start_time()
metrics:
- start_time:
usage: "GAUGE"
description: "Time at which postgres started (based on epoch)"
pg_replication:
query: "SELECT CASE WHEN NOT pg_catalog.pg_is_in_recovery()
THEN 0
ELSE GREATEST (0,
EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
END AS lag,
pg_catalog.pg_is_in_recovery() AS in_recovery,
EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
(SELECT count(*) FROM pg_stat_replication) AS streaming_replicas"
metrics:
- lag:
usage: "GAUGE"
description: "Replication lag behind primary in seconds"
- in_recovery:
usage: "GAUGE"
description: "Whether the instance is in recovery"
- is_wal_receiver_up:
usage: "GAUGE"
description: "Whether the instance wal_receiver is up"
- streaming_replicas:
usage: "GAUGE"
description: "Number of streaming replicas connected to the instance"
pg_replication_slots:
query: |
SELECT slot_name,
slot_type,
database,
active,
pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn)
FROM pg_catalog.pg_replication_slots
WHERE NOT temporary
metrics:
- slot_name:
usage: "LABEL"
description: "Name of the replication slot"
- slot_type:
usage: "LABEL"
description: "Type of the replication slot"
- database:
usage: "LABEL"
description: "Name of the database"
- active:
usage: "GAUGE"
description: "Flag indicating whether the slot is active"
- pg_wal_lsn_diff:
usage: "GAUGE"
description: "Replication lag in bytes"
pg_stat_archiver:
query: |
SELECT archived_count
, failed_count
, COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival
, COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure
, COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time
, COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time
, COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
, COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
, EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
FROM pg_catalog.pg_stat_archiver
metrics:
- archived_count:
usage: "COUNTER"
description: "Number of WAL files that have been successfully archived"
- failed_count:
usage: "COUNTER"
description: "Number of failed attempts for archiving WAL files"
- seconds_since_last_archival:
usage: "GAUGE"
description: "Seconds since the last successful archival operation"
- seconds_since_last_failure:
usage: "GAUGE"
description: "Seconds since the last failed archival operation"
- last_archived_time:
usage: "GAUGE"
description: "Epoch of the last time WAL archiving succeeded"
- last_failed_time:
usage: "GAUGE"
description: "Epoch of the last time WAL archiving failed"
- last_archived_wal_start_lsn:
usage: "GAUGE"
description: "Archived WAL start LSN"
- last_failed_wal_start_lsn:
usage: "GAUGE"
description: "Last failed WAL LSN"
- stats_reset_time:
usage: "GAUGE"
description: "Time at which these statistics were last reset"
pg_stat_bgwriter:
query: |
SELECT checkpoints_timed
, checkpoints_req
, checkpoint_write_time
, checkpoint_sync_time
, buffers_checkpoint
, buffers_clean
, maxwritten_clean
, buffers_backend
, buffers_backend_fsync
, buffers_alloc
FROM pg_catalog.pg_stat_bgwriter
metrics:
- checkpoints_timed:
usage: "COUNTER"
description: "Number of scheduled checkpoints that have been performed"
- checkpoints_req:
usage: "COUNTER"
description: "Number of requested checkpoints that have been performed"
- checkpoint_write_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds"
- checkpoint_sync_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds"
- buffers_checkpoint:
usage: "COUNTER"
description: "Number of buffers written during checkpoints"
- buffers_clean:
usage: "COUNTER"
description: "Number of buffers written by the background writer"
- maxwritten_clean:
usage: "COUNTER"
description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers"
- buffers_backend:
usage: "COUNTER"
description: "Number of buffers written directly by a backend"
- buffers_backend_fsync:
usage: "COUNTER"
description: "Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)"
- buffers_alloc:
usage: "COUNTER"
description: "Number of buffers allocated"
pg_stat_database:
query: |
SELECT datname
, xact_commit
, xact_rollback
, blks_read
, blks_hit
, tup_returned
, tup_fetched
, tup_inserted
, tup_updated
, tup_deleted
, conflicts
, temp_files
, temp_bytes
, deadlocks
, blk_read_time
, blk_write_time
FROM pg_catalog.pg_stat_database
metrics:
- datname:
usage: "LABEL"
description: "Name of this database"
- xact_commit:
usage: "COUNTER"
description: "Number of transactions in this database that have been committed"
- xact_rollback:
usage: "COUNTER"
description: "Number of transactions in this database that have been rolled back"
- blks_read:
usage: "COUNTER"
description: "Number of disk blocks read in this database"
- blks_hit:
usage: "COUNTER"
description: "Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache)"
- tup_returned:
usage: "COUNTER"
description: "Number of rows returned by queries in this database"
- tup_fetched:
usage: "COUNTER"
description: "Number of rows fetched by queries in this database"
- tup_inserted:
usage: "COUNTER"
description: "Number of rows inserted by queries in this database"
- tup_updated:
usage: "COUNTER"
description: "Number of rows updated by queries in this database"
- tup_deleted:
usage: "COUNTER"
description: "Number of rows deleted by queries in this database"
- conflicts:
usage: "COUNTER"
description: "Number of queries canceled due to conflicts with recovery in this database"
- temp_files:
usage: "COUNTER"
description: "Number of temporary files created by queries in this database"
- temp_bytes:
usage: "COUNTER"
description: "Total amount of data written to temporary files by queries in this database"
- deadlocks:
usage: "COUNTER"
description: "Number of deadlocks detected in this database"
- blk_read_time:
usage: "COUNTER"
description: "Time spent reading data file blocks by backends in this database, in milliseconds"
- blk_write_time:
usage: "COUNTER"
description: "Time spent writing data file blocks by backends in this database, in milliseconds"
pg_stat_replication:
primary: true
query: |
SELECT usename
, COALESCE(application_name, '') AS application_name
, COALESCE(client_addr::text, '') AS client_addr
, EXTRACT(EPOCH FROM backend_start) AS backend_start
, COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes
, COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes
, COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds
, COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds
, COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds
FROM pg_catalog.pg_stat_replication
metrics:
- usename:
usage: "LABEL"
description: "Name of the replication user"
- application_name:
usage: "LABEL"
description: "Name of the application"
- client_addr:
usage: "LABEL"
description: "Client IP address"
- backend_start:
usage: "COUNTER"
description: "Time when this process was started"
- backend_xmin_age:
usage: "COUNTER"
description: "The age of this standby's xmin horizon"
- sent_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location sent on this connection"
- write_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location written to disk by this standby server"
- flush_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location flushed to disk by this standby server"
- replay_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location replayed into the database on this standby server"
- write_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written it"
- flush_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it"
- replay_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written, flushed and applied it"
pg_settings:
query: |
SELECT name,
CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END AS setting
FROM pg_catalog.pg_settings
WHERE vartype IN ('integer', 'real', 'bool')
ORDER BY 1
metrics:
- name:
usage: "LABEL"
description: "Name of the setting"
- setting:
usage: "GAUGE"
description: "Setting value"
kind: ConfigMap
metadata:
labels:
cnpg.io/reload: ""
name: cnpg-default-monitoring
namespace: cnpg-system
---
apiVersion: v1
kind: Service
metadata:
name: cnpg-webhook-service
namespace: cnpg-system
spec:
ports:
- port: 443
targetPort: 9443
selector:
app.kubernetes.io/name: cloudnative-pg
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: cloudnative-pg
name: cnpg-controller-manager
namespace: cnpg-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: cloudnative-pg
template:
metadata:
labels:
app.kubernetes.io/name: cloudnative-pg
spec:
containers:
- args:
- controller
- --leader-elect
- --config-map-name=cnpg-controller-manager-config
- --secret-name=cnpg-controller-manager-config
- --webhook-port=9443
command:
- /manager
env:
- name: OPERATOR_IMAGE_NAME
value: ghcr.io/cloudnative-pg/cloudnative-pg:1.20.2
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MONITORING_QUERIES_CONFIGMAP
value: cnpg-default-monitoring
image: ghcr.io/cloudnative-pg/cloudnative-pg:1.20.2
livenessProbe:
httpGet:
path: /readyz
port: 9443
scheme: HTTPS
name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 9443
scheme: HTTPS
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 10001
runAsUser: 10001
volumeMounts:
- mountPath: /controller
name: scratch-data
- mountPath: /run/secrets/cnpg.io/webhook
name: webhook-certificates
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: cnpg-manager
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: scratch-data
- name: webhook-certificates
secret:
defaultMode: 420
optional: true
secretName: cnpg-webhook-cert
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: cnpg-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: cnpg-system
path: /mutate-postgresql-cnpg-io-v1-backup
failurePolicy: Fail
name: mbackup.kb.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- backups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: cnpg-system
path: /mutate-postgresql-cnpg-io-v1-cluster
failurePolicy: Fail
name: mcluster.kb.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- clusters
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: cnpg-system
path: /mutate-postgresql-cnpg-io-v1-scheduledbackup
failurePolicy: Fail
name: mscheduledbackup.kb.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- scheduledbackups
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: cnpg-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: cnpg-system
path: /validate-postgresql-cnpg-io-v1-backup
failurePolicy: Fail
name: vbackup.kb.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- backups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: cnpg-system
path: /validate-postgresql-cnpg-io-v1-cluster
failurePolicy: Fail
name: vcluster.kb.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- clusters
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: cnpg-system
path: /validate-postgresql-cnpg-io-v1-pooler
failurePolicy: Fail
name: vpooler.kb.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- poolers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: cnpg-system
path: /validate-postgresql-cnpg-io-v1-scheduledbackup
failurePolicy: Fail
name: vscheduledbackup.kb.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- scheduledbackups
sideEffects: None
Reference in New Issue View Git Blame Copy Permalink