From 320e28d7070b387c330385773625a246cc3b6535 Mon Sep 17 00:00:00 2001 From: 1gtm <1gtm@appscode.com> Date: Sat, 20 Jan 2024 05:32:41 +0000 Subject: [PATCH] Prepare for release v0.41.0-beta.1 ProductLine: KubeDB Release: v2024.1.19-beta.1 Release-tracker: https://github.com/kubedb/CHANGELOG/pull/81 Signed-off-by: 1gtm <1gtm@appscode.com> --- go.mod | 4 +- go.sum | 8 +- .../apimachinery/apis/constant.go | 12 +- .../v1alpha1/backupconfiguration_webhook.go | 19 - .../core/v1alpha1/restoresession_types.go | 5 - .../core/v1alpha1/zz_generated.deepcopy.go | 1 - .../storage/v1alpha1/backupstorage_webhook.go | 26 +- .../apis/storage/v1alpha1/types.go | 46 +- .../storage/v1alpha1/zz_generated.deepcopy.go | 60 - .../crds/addons.kubestash.com_addons.yaml | 636 +- .../crds/addons.kubestash.com_functions.yaml | 85 +- .../core.kubestash.com_backupbatches.yaml | 4196 ++++++++++++-- .../core.kubestash.com_backupblueprints.yaml | 4491 ++++++++++++-- ...re.kubestash.com_backupconfigurations.yaml | 3951 +++++++++++-- .../core.kubestash.com_hooktemplates.yaml | 214 +- .../core.kubestash.com_restoresessions.yaml | 5162 ++++++++--------- .../storage.kubestash.com_backupstorages.yaml | 586 +- vendor/modules.txt | 4 +- 18 files changed, 14740 insertions(+), 4766 deletions(-) diff --git a/go.mod b/go.mod index 32e202c0f..b8df55670 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( kmodules.xyz/client-go v0.29.6 kmodules.xyz/custom-resources v0.29.0 kmodules.xyz/monitoring-agent-api v0.29.0 - kubedb.dev/apimachinery v0.41.0-beta.0.0.20240119173518-f85d14100011 + kubedb.dev/apimachinery v0.41.0-beta.1 kubedb.dev/db-client-go v0.0.9-0.20240119051334-7f4d5847462a sigs.k8s.io/controller-runtime v0.16.3 sigs.k8s.io/yaml v1.4.0 @@ -137,7 +137,7 @@ require ( kmodules.xyz/prober v0.29.0 // indirect kmodules.xyz/resource-metadata v0.18.2-0.20240105072614-e92a8a48d400 // indirect kubeops.dev/sidekick v0.0.5-0.20231225214445-a15c70833046 // indirect - kubestash.dev/apimachinery v0.3.1-0.20231231034418-cc46ddfd674a // indirect + kubestash.dev/apimachinery v0.4.0-rc.0 // indirect sigs.k8s.io/gateway-api v0.8.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect diff --git a/go.sum b/go.sum index facd92ce4..55ca42f02 100644 --- a/go.sum +++ b/go.sum @@ -819,14 +819,14 @@ kmodules.xyz/prober v0.29.0 h1:Ex7m4F9rH7uWNNJlLgP63ROOM+nUATJkC2L5OQ7nwMg= kmodules.xyz/prober v0.29.0/go.mod h1:UtK+HKyI1lFLEKX+HFLyOCVju6TO93zv3kwGpzqmKOo= kmodules.xyz/resource-metadata v0.18.2-0.20240105072614-e92a8a48d400 h1:bmd9/fvbhE55xtMF9hXVzjoUZFLGjMfEoHSHu9Hw6Gc= kmodules.xyz/resource-metadata v0.18.2-0.20240105072614-e92a8a48d400/go.mod h1:XsCdEKjfoulX29tMGviDhjT/jLl158uvMvXlKOhK1as= -kubedb.dev/apimachinery v0.41.0-beta.0.0.20240119173518-f85d14100011 h1:cgynwqJ55px78ZzBmVLnnrLwjctqkiiVs0gkHBzpDpo= -kubedb.dev/apimachinery v0.41.0-beta.0.0.20240119173518-f85d14100011/go.mod h1:3GVSOsOxnlMVnprJ77YMoKE56A7ogvqCGxJu8wKhNKU= +kubedb.dev/apimachinery v0.41.0-beta.1 h1:Aa7LRG1HO/da6AwNY3K/3BlfiMunUwiQow3dEbkuiX0= +kubedb.dev/apimachinery v0.41.0-beta.1/go.mod h1:WdyZn+5Ni4IdlUgtpibFVv40RgN5qZV8oJN0rhVCOuM= kubedb.dev/db-client-go v0.0.9-0.20240119051334-7f4d5847462a h1:0cbpIkRE0H9erqSC6zTcQgTdsv9crvr+zFyHvTpWsvs= kubedb.dev/db-client-go v0.0.9-0.20240119051334-7f4d5847462a/go.mod h1:RfjD10LuyFdnZdrtVW0p6OSi304yotraYFArBmeypJo= kubeops.dev/sidekick v0.0.5-0.20231225214445-a15c70833046 h1:X1ieV+IXqNesmFwSH6NEVF1J2wO0vplC4k6v3Vmq0d0= kubeops.dev/sidekick v0.0.5-0.20231225214445-a15c70833046/go.mod h1:XX6Vhw9EMmX9R8Y13AgaYDAsfeLZdTL8MzymTOAT0nY= -kubestash.dev/apimachinery v0.3.1-0.20231231034418-cc46ddfd674a h1:zkRd7mpfFk2QtGKefGxZqpczy909KJCk4iPu9WOwCKU= -kubestash.dev/apimachinery v0.3.1-0.20231231034418-cc46ddfd674a/go.mod h1:ImhcNxJIdObtmm1jPeOnvK9TrwS7bXqNa8I4Um/Vf1A= +kubestash.dev/apimachinery v0.4.0-rc.0 h1:iElRLTX8WsN4xl49y07Dz1ZD14FCJZp5RZhXwsutNmw= +kubestash.dev/apimachinery v0.4.0-rc.0/go.mod h1:mqOML23d9Hm2kSyzlRy6Gr69RGEUaOCTWYl2egklac8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg= sigs.k8s.io/gateway-api v0.8.0/go.mod h1:okOnjPNBFbIS/Rw9kAhuIUaIkLhTKEu+ARIuXk2dgaM= diff --git a/vendor/kubestash.dev/apimachinery/apis/constant.go b/vendor/kubestash.dev/apimachinery/apis/constant.go index 25c89934d..dc9f0f6d9 100644 --- a/vendor/kubestash.dev/apimachinery/apis/constant.go +++ b/vendor/kubestash.dev/apimachinery/apis/constant.go @@ -130,13 +130,11 @@ const ( ) const ( - ComponentPod = "pod" - ComponentDeployment = "deployment" - ComponentPVC = "pvc" - ComponentDump = "dump" - ComponentWal = "wal" - ComponentManifests = "manifests" - ComponentVolumeSnapshots = "volumesnapshots" + ComponentPod = "pod" + ComponentDump = "dump" + ComponentWal = "wal" + ComponentManifest = "manifest" + ComponentVolumeSnapshot = "volumesnapshot" ) const ( diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go index e14556125..83eaea47e 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go @@ -273,10 +273,6 @@ func (b *BackupConfiguration) validateSessions(ctx context.Context, c client.Cli } } - if err := b.validateUniqueRepo(); err != nil { - return err - } - if err := b.validateUniqueRepoDir(ctx, c); err != nil { return err } @@ -365,21 +361,6 @@ func (b *BackupConfiguration) validateRepositories(ctx context.Context, c client return nil } -func (b *BackupConfiguration) validateUniqueRepo() error { - mapRepoToBackend := make(map[string]map[string]string) - for _, session := range b.Spec.Sessions { - for _, repo := range session.Repositories { - if repoInfo, ok := mapRepoToBackend[repo.Name]; ok && repoInfo[repo.Backend] == repo.Name { - return fmt.Errorf("repository %q can not be used from multiple sessions. Please choose a different repository", repo.Name) - } - mapRepoToBackend[repo.Name] = map[string]string{ - repo.Backend: repo.Name, - } - } - } - return nil -} - func (b *BackupConfiguration) validateUniqueRepoDir(ctx context.Context, c client.Client) error { if err := b.validateRepoDirectories(); err != nil { return err diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_types.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_types.go index e039d61bd..2c1914a8f 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_types.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/restoresession_types.go @@ -19,7 +19,6 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" kmapi "kmodules.xyz/client-go/api/v1" - ofst "kmodules.xyz/offshoot-api/api/v1" ) const ( @@ -69,10 +68,6 @@ type RestoreSessionSpec struct { // +optional Timeout *metav1.Duration `json:"timeout,omitempty"` - // RuntimeSettings allow to specify Resources, NodeSelector, Affinity, Toleration, ReadinessProbe etc. - // +optional - RuntimeSettings ofst.RuntimeSettings `json:"runtimeSettings,omitempty"` - // ManifestOptions provide options to select particular manifest object to restore // +optional ManifestOptions *ManifestRestoreOptions `json:"manifestOptions,omitempty"` diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go index 85e3c5f36..979cada8f 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go @@ -1338,7 +1338,6 @@ func (in *RestoreSessionSpec) DeepCopyInto(out *RestoreSessionSpec) { *out = new(metav1.Duration) **out = **in } - in.RuntimeSettings.DeepCopyInto(&out.RuntimeSettings) if in.ManifestOptions != nil { in, out := &in.ManifestOptions, &out.ManifestOptions *out = new(ManifestRestoreOptions) diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/backupstorage_webhook.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/backupstorage_webhook.go index 1f603dbc6..fdfc3dd36 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/backupstorage_webhook.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/backupstorage_webhook.go @@ -199,19 +199,19 @@ func (r *BackupStorage) isPointToSameDir(bs BackupStorage) bool { return true } return false - case ProviderB2: - if r.Spec.Storage.B2.Bucket == bs.Spec.Storage.B2.Bucket && - r.Spec.Storage.B2.Prefix == bs.Spec.Storage.B2.Prefix { - return true - } - return false - case ProviderSwift: - // TODO: check for account - if r.Spec.Storage.Swift.Container == bs.Spec.Storage.Swift.Container && - r.Spec.Storage.Swift.Prefix == bs.Spec.Storage.Swift.Prefix { - return true - } - return false + //case ProviderB2: + // if r.Spec.Storage.B2.Bucket == bs.Spec.Storage.B2.Bucket && + // r.Spec.Storage.B2.Prefix == bs.Spec.Storage.B2.Prefix { + // return true + // } + // return false + //case ProviderSwift: + // // TODO: check for account + // if r.Spec.Storage.Swift.Container == bs.Spec.Storage.Swift.Container && + // r.Spec.Storage.Swift.Prefix == bs.Spec.Storage.Swift.Prefix { + // return true + // } + // return false default: return false } diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go index c07fba5a3..86230705d 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go @@ -36,9 +36,9 @@ const ( ProviderS3 StorageProvider = "s3" ProviderGCS StorageProvider = "gcs" ProviderAzure StorageProvider = "azure" - ProviderSwift StorageProvider = "swift" - ProviderB2 StorageProvider = "b2" - ProviderRest StorageProvider = "rest" + //ProviderSwift StorageProvider = "swift" + //ProviderB2 StorageProvider = "b2" + //ProviderRest StorageProvider = "rest" ) type Backend struct { @@ -61,17 +61,19 @@ type Backend struct { // +optional Azure *AzureSpec `json:"azure,omitempty"` - // Swift specifies the storage information for Swift container - // +optional - Swift *SwiftSpec `json:"swift,omitempty"` + /* + // Swift specifies the storage information for Swift container + // +optional + Swift *SwiftSpec `json:"swift,omitempty"` - // B2 specifies the storage information for B2 bucket - // +optional - B2 *B2Spec `json:"b2,omitempty"` + // B2 specifies the storage information for B2 bucket + // +optional + B2 *B2Spec `json:"b2,omitempty"` - // Rest specifies the storage information for rest storage server - // +optional - Rest *RestServerSpec `json:"rest,omitempty"` + // Rest specifies the storage information for rest storage server + // +optional + Rest *RestServerSpec `json:"rest,omitempty"` + */ } type LocalSpec struct { @@ -102,9 +104,9 @@ type S3Spec struct { // +optional Region string `json:"region,omitempty"` - // Secret specifies the name of the Secret that contains the access credential for this storage. + // SecretName specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } type GCSSpec struct { @@ -118,9 +120,9 @@ type GCSSpec struct { // +optional MaxConnections int64 `json:"maxConnections,omitempty"` - // Secret specifies the name of the Secret that contains the access credential for this storage. + // SecretName specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } type AzureSpec struct { @@ -137,11 +139,12 @@ type AzureSpec struct { // +optional MaxConnections int64 `json:"maxConnections,omitempty"` - // Secret specifies the name of the Secret that contains the access credential for this storage. + // SecretName specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } +/* type SwiftSpec struct { // Container specifies the name of the Swift container that will be used as storage backend. Container string `json:"container,omitempty"` @@ -151,7 +154,7 @@ type SwiftSpec struct { // Secret specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } type B2Spec struct { @@ -167,7 +170,7 @@ type B2Spec struct { // Secret specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } type RestServerSpec struct { @@ -176,5 +179,6 @@ type RestServerSpec struct { // Secret specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } +*/ diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go index 0005004df..912fb20c1 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go @@ -42,21 +42,6 @@ func (in *AzureSpec) DeepCopy() *AzureSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *B2Spec) DeepCopyInto(out *B2Spec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new B2Spec. -func (in *B2Spec) DeepCopy() *B2Spec { - if in == nil { - return nil - } - out := new(B2Spec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backend) DeepCopyInto(out *Backend) { *out = *in @@ -80,21 +65,6 @@ func (in *Backend) DeepCopyInto(out *Backend) { *out = new(AzureSpec) **out = **in } - if in.Swift != nil { - in, out := &in.Swift, &out.Swift - *out = new(SwiftSpec) - **out = **in - } - if in.B2 != nil { - in, out := &in.B2, &out.B2 - *out = new(B2Spec) - **out = **in - } - if in.Rest != nil { - in, out := &in.Rest, &out.Rest - *out = new(RestServerSpec) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backend. @@ -474,21 +444,6 @@ func (in *RepositoryStatus) DeepCopy() *RepositoryStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RestServerSpec) DeepCopyInto(out *RestServerSpec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestServerSpec. -func (in *RestServerSpec) DeepCopy() *RestServerSpec { - if in == nil { - return nil - } - out := new(RestServerSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResticStats) DeepCopyInto(out *ResticStats) { *out = *in @@ -788,21 +743,6 @@ func (in *SuccessfulSnapshotsKeepPolicy) DeepCopy() *SuccessfulSnapshotsKeepPoli return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SwiftSpec) DeepCopyInto(out *SwiftSpec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SwiftSpec. -func (in *SwiftSpec) DeepCopy() *SwiftSpec { - if in == nil { - return nil - } - out := new(SwiftSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumeSnapshotterStats) DeepCopyInto(out *VolumeSnapshotterStats) { *out = *in diff --git a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml index 5cba0765b..bd899cfbf 100644 --- a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml @@ -659,7 +659,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -830,11 +830,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -868,10 +868,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -898,33 +902,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. * While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -942,11 +954,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -982,7 +1006,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -1048,6 +1073,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. @@ -1426,6 +1479,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -2098,11 +2263,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -2135,10 +2300,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will - always have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -2165,30 +2333,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as such if both + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is - non-empty. There are two important differences - between DataSource and DataSourceRef: * - While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a - disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled.' + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -2206,11 +2383,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -2243,7 +2430,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -2304,6 +2492,30 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass + used by this claim. If specified, the CSI + driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can be + changed after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to + a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -2964,7 +3176,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3135,11 +3347,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3173,10 +3385,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -3203,33 +3419,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. * While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -3247,11 +3471,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -3287,7 +3523,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -3353,6 +3590,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. @@ -3731,6 +3996,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -4403,11 +4780,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -4440,10 +4817,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will - always have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -4470,30 +4850,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as such if both + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is - non-empty. There are two important differences - between DataSource and DataSourceRef: * - While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a - disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled.' + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -4511,11 +4900,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -4548,7 +4947,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -4609,6 +5009,30 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass + used by this claim. If specified, the CSI + driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can be + changed after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to + a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value diff --git a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml index 49dd08723..1237371a3 100644 --- a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml @@ -331,7 +331,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -359,6 +361,17 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -426,7 +439,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -454,6 +469,17 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -506,8 +532,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number must @@ -539,7 +563,9 @@ spec: be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be + canonicalized upon output, so case-variant names + will be understood as the same header. type: string value: description: The header field value @@ -665,8 +691,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number must @@ -698,7 +722,9 @@ spec: be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be + canonicalized upon output, so case-variant names + will be understood as the same header. type: string value: description: The header field value @@ -790,6 +816,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -810,7 +858,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -931,7 +980,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT + be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -963,15 +1013,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components that - enable the WindowsHostProcessContainers feature flag. - Setting this field without the feature flag will result - in errors when validating the Pod. All of a Pod's containers - must have the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml index d4b997934..3d6063dc4 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml @@ -447,7 +447,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -480,6 +484,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -568,7 +585,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -601,6 +622,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -664,9 +698,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -705,7 +737,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -853,9 +888,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -894,7 +927,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -1002,6 +1038,32 @@ spec: container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1025,7 +1087,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1170,8 +1233,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -1212,18 +1276,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -1583,7 +1641,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -1660,6 +1720,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -1826,7 +1952,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -1895,6 +2023,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -2049,7 +2237,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -2126,6 +2316,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -2292,7 +2548,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -2361,6 +2619,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -2715,8 +3033,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -2735,8 +3054,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -2793,18 +3119,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -2960,7 +3280,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -2968,10 +3288,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -3055,8 +3382,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -3070,8 +3397,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -3782,7 +4109,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3975,11 +4302,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -4016,10 +4343,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -4048,35 +4379,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -4096,11 +4437,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -4139,7 +4494,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -4213,6 +4569,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -4623,6 +5008,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -5587,7 +6099,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -5620,6 +6136,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -5708,7 +6237,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -5741,6 +6274,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -5804,9 +6350,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -5845,7 +6389,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -5993,9 +6540,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -6034,7 +6579,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -6142,6 +6690,32 @@ spec: container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6165,7 +6739,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -6310,8 +6885,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -6352,18 +6928,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -6723,7 +7293,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -6800,6 +7372,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -6966,7 +7604,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -7035,6 +7675,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -7189,7 +7889,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -7266,6 +7968,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -7432,7 +8200,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -7501,6 +8271,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -7855,8 +8685,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -7875,8 +8706,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -7933,18 +8771,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -8100,7 +8932,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -8108,10 +8940,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -8195,8 +9034,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -8210,8 +9049,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -8922,7 +9761,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -9115,11 +9954,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9156,10 +9995,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -9188,35 +10031,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -9236,11 +10089,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -9279,7 +10146,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -9353,6 +10221,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -9763,6 +10660,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -10900,7 +11924,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -10973,6 +11999,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -11132,7 +12219,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -11200,6 +12289,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -11350,7 +12494,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -11423,6 +12569,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -11582,7 +12789,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -11650,6 +12859,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -11918,8 +13182,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -11959,18 +13224,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -12544,7 +13805,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -12577,6 +13842,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12671,7 +13949,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -12704,6 +13986,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12770,9 +14065,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -12813,7 +14106,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13023,9 +14320,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -13066,7 +14361,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13175,11 +14474,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -13204,9 +14554,38 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -13367,7 +14746,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -13411,20 +14792,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -13485,9 +14860,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -13528,7 +14901,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13835,7 +15212,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -13866,6 +15246,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13953,7 +15346,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -13984,6 +15380,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -14048,9 +15457,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -14089,7 +15496,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -14257,9 +15667,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -14298,7 +15706,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -14402,6 +15813,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -14425,7 +15862,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -14557,8 +15995,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -14577,8 +16016,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -14633,18 +16079,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -14813,18 +16255,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -14905,8 +16354,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -14919,8 +16368,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -15535,7 +16984,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -15760,12 +17209,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -15805,11 +17254,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -15842,9 +17297,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -15853,31 +17308,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -15900,11 +17368,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -15946,7 +17429,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -16031,6 +17516,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -16473,6 +17993,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -17501,7 +19168,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -17532,6 +19202,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -17616,7 +19299,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -17647,6 +19333,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -17708,8 +19407,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -17743,7 +19441,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -17886,8 +19588,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -17921,7 +19622,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -18024,6 +19729,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -18047,7 +19777,8 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -18187,8 +19918,8 @@ spec: preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind @@ -18228,18 +19959,13 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + Process' container. All of a Pod's containers + must have the same effective HostProcess + value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess + is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -18651,7 +20377,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -18728,6 +20456,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -18894,7 +20688,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -18963,6 +20759,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -19117,7 +20973,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -19194,6 +21052,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -19360,7 +21284,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -19429,6 +21355,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -19702,8 +21688,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -19744,18 +21731,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -20349,7 +22330,12 @@ spec: properties: name: description: The header - field name + field name. This + will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The header @@ -20383,6 +22369,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -20481,7 +22482,12 @@ spec: properties: name: description: The header - field name + field name. This + will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The header @@ -20515,6 +22521,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -20585,9 +22606,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -20628,7 +22647,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -20847,9 +22870,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -20890,7 +22911,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -21003,11 +23028,65 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy + for the container. + items: + description: ContainerResizePolicy + represents resource resize policy + for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to + apply when specified resource + is resized. If not specified, + it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is + immutable. It can only be set + for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in + pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -21033,9 +23112,41 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines + the restart behavior of individual + containers in a pod. This field may + only be set for init containers, and + the only allowed value is "Always". + For non-init containers or when this + field is not specified, the restart + behavior is defined by the Pod''s + restart policy and the container type. + Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have + terminated. Once all regular containers + have completed, all init containers + with restartPolicy "Always" will be + shut down. This lifecycle differs + from normal init containers and is + often referred to as a "sidecar" container. + Although this init container still + starts in the init container sequence, + it does not wait for the container + to complete before proceeding to the + next init container. Instead, the + next init container starts immediately + after this init container is started, + or after any startupProbe has successfully + completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container @@ -21204,8 +23315,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set - if type is "Localhost". + location. Must be set if type + is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates @@ -21251,20 +23363,12 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level - and will only be honored by - components that enable the - WindowsHostProcessContainers - feature flag. Setting this - field without the feature - flag will result in errors - when validating the Pod. All - of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess + All of a Pod's containers + must have the same effective + HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. @@ -21331,9 +23435,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -21374,7 +23476,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -21695,7 +23801,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -21728,6 +23838,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -21816,7 +23939,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -21849,6 +23976,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -21915,9 +24055,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -21956,7 +24094,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -22129,9 +24270,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -22170,7 +24309,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -22277,6 +24419,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -22300,7 +24468,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -22435,8 +24604,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -22455,8 +24625,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -22513,18 +24690,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -22701,7 +24872,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -22709,10 +24880,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -22796,8 +24974,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -22811,8 +24989,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -23442,7 +25620,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -23681,12 +25859,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -23727,11 +25905,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -23766,10 +25951,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -23778,35 +25963,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup @@ -23830,11 +26029,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -23880,8 +26096,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -23970,6 +26187,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume @@ -24424,6 +26680,164 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data @@ -25753,7 +28167,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -26006,12 +28420,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -26055,12 +28469,17 @@ spec: create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource + source. When the AnyVolumeDataSource feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef - field.' + dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If + the namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -26097,10 +28516,10 @@ spec: the volume with data, if a non-empty volume is desired. This may - be any local object - from a non-empty API - group (non core object) - or a PersistentVolumeClaim + be any object from a + non-empty API group + (non core object) or + a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed @@ -26110,35 +28529,49 @@ spec: or dynamic provisioner. This field will replace the functionality of - the DataSource field + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both - fields (DataSource and - DataSourceRef) will + compatibility, when + namespace isn''t specified + in dataSourceRef, both + fields (dataSource and + dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important differences between - DataSource and DataSourceRef: - * While DataSource only + dataSource and dataSourceRef: + * While dataSource only allows two specific - types of objects, DataSourceRef + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) - Using this field requires + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -26164,11 +28597,32 @@ spec: is the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace + of resource being + referenced Note + that when a namespace + is specified, a + gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent + namespace to allow + that namespace's + owner to accept + the reference. See + the ReferenceGrant + documentation for + details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to + be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -26215,8 +28669,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests + cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -26313,6 +28768,47 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. + If specified, the CSI + driver will create or + update the volume with + the attributes defined + in the corresponding + VolumeAttributesClass. + This has a different + purpose than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not + allowed to reset this + field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this + PersistentVolumeClaim + will be set to a Pending + state, as reflected + by the modifyVolumeStatus + field, until such as + a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of @@ -26774,6 +29270,176 @@ spec: may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access + the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated + by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be + selected by name, or by + the combination of signer + name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM + contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The + ordering of certificates + within the file is arbitrary, + and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select + all ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set + but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A + label selector + requirement + is a selector + that contains + values, a key, + and an operator + that relates + the key and + values. + properties: + key: + description: key + is the label + key that + the selector + applies + to. + type: string + operator: + description: operator + represents + a key's + relationship + to a set + of values. + Valid operators + are In, + NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string + values. + If the operator + is In or + NotIn, the + values array + must be + non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a + strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in + the matchLabels + map is equivalent + to an element + of matchExpressions, + whose key field + is "key", the + operator is "In", + and the values + array contains + only "value". + The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select + a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced + ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to + exist. If using signerName, + then the combination + of signerName and + labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the + bundle. + type: string + signerName: + description: Select + all ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data @@ -27698,12 +30364,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -27743,11 +30409,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -27780,9 +30452,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -27791,31 +30463,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -27838,11 +30523,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -27884,7 +30584,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -27969,6 +30671,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -28198,11 +30935,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -28237,10 +30974,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -28270,7 +31012,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, @@ -28280,28 +31022,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -28322,11 +31075,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -28365,7 +31132,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -28445,6 +31213,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -28472,6 +31272,80 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller + receives persistentvolume + claim update with ClaimResourceStatus + for a resource that it does + not recognizes, then it should + ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being + resized for the given PVC. Key + names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: + - storage - the capacity of + the volume. * Custom resources + must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have + kubernetes.io prefix are considered + reserved and hence may not be + used. \n ClaimResourceStatus + can be in any of following states: + - ControllerResizeInProgress: + State set when resize controller + starts resizing the volume in + control-plane. - ControllerResizeFailed: + State set when resize has failed + in resize controller with a + terminal error. - NodeResizePending: + State set when resize controller + has finished resizing the volume + but further resizing of volume + is needed on the node. - NodeResizeInProgress: + State set when kubelet starts + resizing the volume. - NodeResizeFailed: + State set when resizing has + failed in kubelet with a terminal + error. Transient errors don't + set NodeResizeFailed. For example: + if expanding a PVC for more + capacity - this field can be + one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" + - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - + pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When + this field is not set, it means + that no resize operation is + in progress for the given PVC. + \n A controller that receives + PVC update with previously unknown + resourceName or ClaimResourceStatus + should ignore the update for + the purpose it was designed. + For example - a controller that + only is responsible for resizing + capacity of the volume, should + ignore PVC updates that change + other valid resources associated + with PVC. \n This is an alpha + field and requires enabling + RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -28479,11 +31353,22 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources - is the storage resource within - AllocatedResources tracks the - capacity allocated to a PVC. - It may be larger than the actual + description: "allocatedResources + tracks the resources allocated + to a PVC including its capacity. + Key names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: + - storage - the capacity of + the volume. * Custom resources + must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have + kubernetes.io prefix are considered + reserved and hence may not be + used. \n Capacity reported here + may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value @@ -28498,9 +31383,19 @@ spec: no expansion operations in progress and if the actual volume capacity is equal or lower than the requested - capacity. This is an alpha field + capacity. \n A controller that + receives PVC update with previously + unknown resourceName should + ignore the update for the purpose + it was designed. For example + - a controller that only is + responsible for resizing capacity + of the volume, should ignore + PVC updates that change other + valid resources associated with + PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. + feature." type: object capacity: additionalProperties: @@ -28522,7 +31417,7 @@ spec: to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state + contains details about state of pvc properties: lastProbeTime: @@ -28567,22 +31462,63 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, + there is no VolumeAttributeClass + applied to this PersistentVolumeClaim + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus + represents the status object + of ControllerModifyVolume operation. + When this is unset, there is + no ModifyVolume operation being + attempted. This is an alpha + field and requires enabling + VolumeAttributesClass feature. + properties: + status: + description: 'status is the + status of the ControllerModifyVolume + operation. It can be in + any of following states: + - Pending Pending indicates + that the PersistentVolumeClaim + cannot be modified due to + unmet requirements, such + as the specified VolumeAttributesClass + not existing. - InProgress + InProgress indicates that + the volume is being modified. + - Infeasible Infeasible + indicates that the request + has been rejected as invalid + by the CSI driver. To resolve + the error, a valid VolumeAttributesClass + needs to be specified. Note: + New statuses can be added + in the future. Consumers + should check for unknown + statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being + reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores - status of resize operation. - ResizeStatus is not set by default - but when expansion is complete - resizeStatus is set to empty - string by resize controller - or kubelet. This is an alpha - field and requires enabling - RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -29182,7 +32118,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -29435,12 +32371,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -29484,12 +32420,17 @@ spec: create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource + source. When the AnyVolumeDataSource feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef - field.' + dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If + the namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -29526,10 +32467,10 @@ spec: the volume with data, if a non-empty volume is desired. This may - be any local object - from a non-empty API - group (non core object) - or a PersistentVolumeClaim + be any object from a + non-empty API group + (non core object) or + a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed @@ -29539,35 +32480,49 @@ spec: or dynamic provisioner. This field will replace the functionality of - the DataSource field + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both - fields (DataSource and - DataSourceRef) will + compatibility, when + namespace isn''t specified + in dataSourceRef, both + fields (dataSource and + dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important differences between - DataSource and DataSourceRef: - * While DataSource only + dataSource and dataSourceRef: + * While dataSource only allows two specific - types of objects, DataSourceRef + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) - Using this field requires + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -29593,11 +32548,32 @@ spec: is the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace + of resource being + referenced Note + that when a namespace + is specified, a + gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent + namespace to allow + that namespace's + owner to accept + the reference. See + the ReferenceGrant + documentation for + details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to + be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -29644,8 +32620,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests + cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -29742,6 +32719,47 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. + If specified, the CSI + driver will create or + update the volume with + the attributes defined + in the corresponding + VolumeAttributesClass. + This has a different + purpose than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not + allowed to reset this + field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this + PersistentVolumeClaim + will be set to a Pending + state, as reflected + by the modifyVolumeStatus + field, until such as + a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of @@ -30208,6 +33226,176 @@ spec: may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access + the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated + by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be + selected by name, or by + the combination of signer + name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM + contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The + ordering of certificates + within the file is arbitrary, + and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select + all ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set + but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A + label selector + requirement + is a selector + that contains + values, a key, + and an operator + that relates + the key and + values. + properties: + key: + description: key + is the label + key that + the selector + applies + to. + type: string + operator: + description: operator + represents + a key's + relationship + to a set + of values. + Valid operators + are In, + NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string + values. + If the operator + is In or + NotIn, the + values array + must be + non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a + strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in + the matchLabels + map is equivalent + to an element + of matchExpressions, + whose key field + is "key", the + operator is "In", + and the values + array contains + only "value". + The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select + a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced + ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to + exist. If using signerName, + then the combination + of signerName and + labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the + bundle. + type: string + signerName: + description: Select + all ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml index ec2086152..a84eff910 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml @@ -376,7 +376,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -407,6 +410,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -489,7 +505,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -520,6 +539,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -578,8 +610,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -613,7 +644,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -751,8 +785,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -786,7 +819,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -886,6 +922,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -907,8 +968,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1045,8 +1106,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -1083,18 +1145,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -1494,7 +1550,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -1567,6 +1625,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -1726,7 +1845,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -1794,6 +1915,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -1944,7 +2120,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -2017,6 +2195,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -2176,7 +2415,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -2244,6 +2485,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -2512,8 +2808,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -2553,18 +2850,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -3138,7 +3431,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3171,6 +3468,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3265,7 +3575,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3298,6 +3612,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3364,9 +3691,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -3407,7 +3732,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3617,9 +3946,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -3660,7 +3987,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3769,11 +4100,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3798,9 +4180,38 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -3961,7 +4372,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -4005,20 +4418,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -4079,9 +4486,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -4122,7 +4527,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -4429,7 +4838,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -4460,6 +4872,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -4547,7 +4972,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -4578,6 +5006,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -4642,9 +5083,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -4683,7 +5122,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4851,9 +5293,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -4892,7 +5332,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4996,6 +5439,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5019,7 +5488,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -5151,8 +5621,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -5171,8 +5642,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -5227,18 +5705,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -5407,18 +5881,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -5499,8 +5980,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -5513,8 +5994,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -6129,7 +6610,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -6354,12 +6835,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -6399,11 +6880,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -6436,9 +6923,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -6447,31 +6934,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -6494,11 +6994,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -6540,7 +7055,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -6625,6 +7142,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -7067,6 +7619,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -8331,7 +9030,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -8570,12 +9269,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8616,11 +9315,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -8655,10 +9361,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -8667,35 +9373,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup @@ -8719,11 +9439,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -8769,8 +9506,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -8859,6 +9597,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume @@ -9308,61 +10085,219 @@ spec: be projected along with other supported volume types properties: - configMap: - description: configMap information - about the configMap data - to project + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." properties: - items: - description: items if - unspecified, each key-value - pair in the Data field - of the referenced ConfigMap - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. - items: - description: Maps a - string key to a path - within a volume. - properties: - key: - description: key - is the key to - project. - type: string - mode: - description: 'mode - is Optional: mode - bits used to set - permissions on - this file. Must - be an octal value - between 0000 and - 0777 or a decimal - value between - 0 and 511. YAML - accepts both octal - and decimal values, - JSON requires - decimal values - for mode bits. - If not specified, + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information + about the configMap data + to project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced ConfigMap + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + ConfigMap, the volume + setup will error unless + it is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, the volume defaultMode will be used. This might be @@ -10191,12 +11126,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10235,11 +11170,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -10272,9 +11211,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -10282,31 +11221,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -10328,11 +11279,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -10372,7 +11338,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -10453,6 +11421,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -10677,11 +11677,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10715,10 +11715,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -10747,35 +11751,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -10795,11 +11809,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -10838,7 +11866,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -10912,6 +11941,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -10939,6 +11997,75 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller + receives persistentvolume claim + update with ClaimResourceStatus + for a resource that it does + not recognizes, then it should + ignore that update and let other + controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being + resized for the given PVC. Key + names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + ClaimResourceStatus can be in + any of following states: - ControllerResizeInProgress: + State set when resize controller + starts resizing the volume in + control-plane. - ControllerResizeFailed: + State set when resize has failed + in resize controller with a terminal + error. - NodeResizePending: State + set when resize controller has + finished resizing the volume but + further resizing of volume is + needed on the node. - NodeResizeInProgress: + State set when kubelet starts + resizing the volume. - NodeResizeFailed: + State set when resizing has failed + in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. + For example: if expanding a PVC + for more capacity - this field + can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - + pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this + field is not set, it means that + no resize operation is in progress + for the given PVC. \n A controller + that receives PVC update with + previously unknown resourceName + or ClaimResourceStatus should + ignore the update for the purpose + it was designed. For example - + a controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -10946,14 +12073,25 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources - is the storage resource within - AllocatedResources tracks the - capacity allocated to a PVC. It - may be larger than the actual - capacity when a volume expansion - operation is requested. For storage - quota, the larger value from allocatedResources + description: "allocatedResources + tracks the resources allocated + to a PVC including its capacity. + Key names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + Capacity reported here may be + larger than the actual capacity + when a volume expansion operation + is requested. For storage quota, + the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used @@ -10964,9 +12102,18 @@ spec: operations in progress and if the actual volume capacity is equal or lower than the requested - capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + capacity. \n A controller that + receives PVC update with previously + unknown resourceName should ignore + the update for the purpose it + was designed. For example - a + controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -10987,7 +12134,7 @@ spec: Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state + contains details about state of pvc properties: lastProbeTime: @@ -11030,21 +12177,61 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, + there is no VolumeAttributeClass + applied to this PersistentVolumeClaim + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus + represents the status object of + ControllerModifyVolume operation. + When this is unset, there is no + ModifyVolume operation being attempted. + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the + status of the ControllerModifyVolume + operation. It can be in any + of following states: - Pending + Pending indicates that the + PersistentVolumeClaim cannot + be modified due to unmet requirements, + such as the specified VolumeAttributesClass + not existing. - InProgress + InProgress indicates that + the volume is being modified. + - Infeasible Infeasible indicates + that the request has been + rejected as invalid by the + CSI driver. To resolve the + error, a valid VolumeAttributesClass + needs to be specified. Note: + New statuses can be added + in the future. Consumers should + check for unknown statuses + and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores - status of resize operation. ResizeStatus - is not set by default but when - expansion is complete resizeStatus - is set to empty string by resize - controller or kubelet. This is - an alpha field and requires enabling - RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -11618,7 +12805,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -11857,12 +13044,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -11903,11 +13090,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -11942,10 +13136,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -11954,35 +13148,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup @@ -12006,11 +13214,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -12056,8 +13281,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -12146,6 +13372,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume @@ -12600,6 +13865,164 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data @@ -13850,7 +15273,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13883,6 +15310,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13977,7 +15417,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -14010,6 +15454,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -14076,9 +15533,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -14119,7 +15574,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -14276,9 +15735,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -14319,7 +15776,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -14433,6 +15894,32 @@ spec: by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -14457,7 +15944,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -14618,7 +16106,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -14662,20 +16152,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -15076,7 +16560,9 @@ spec: description: A label query over a set of resources, in this - case pods. + case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -15168,6 +16654,80 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key in (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MatchLabelKeys + and LabelSelector. + Also, MatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key notin (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MismatchLabelKeys + and LabelSelector. + Also, MismatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set @@ -15363,7 +16923,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -15440,6 +17002,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -15610,7 +17238,9 @@ spec: description: A label query over a set of resources, in this - case pods. + case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -15702,6 +17332,80 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key in (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MatchLabelKeys + and LabelSelector. + Also, MatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key notin (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MismatchLabelKeys + and LabelSelector. + Also, MismatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set @@ -15897,7 +17601,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -15974,6 +17680,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -16358,7 +18130,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -16378,10 +18152,18 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no - groups will be added to any container. - Note that this field cannot be set - when spec.os.name is windows. + primary GID, the fsGroup (if specified), + and group memberships defined in + the container image for the uid + of the container process. If unspecified, + no additional groups are added to + any container. Note that group memberships + defined in the container image for + the uid of the container process + are still effective, even if they + are not included in this list. Note + that this field cannot be set when + spec.os.name is windows. items: format: int64 type: integer @@ -16440,20 +18222,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -16619,8 +18395,8 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a - set of pod label keys to select + description: "MatchLabelKeys is + a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the @@ -16629,10 +18405,18 @@ spec: to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in - the incoming pod labels will be - ignored. A null or empty list + pod. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector + isn't set. Keys that don't exist + in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -16725,7 +18509,7 @@ spec: in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -16741,7 +18525,7 @@ spec: All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -17488,7 +19272,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -17701,12 +19485,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -17745,11 +19529,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -17782,9 +19570,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -17792,31 +19580,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -17838,11 +19638,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -17882,7 +19697,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -17963,6 +19780,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -18392,6 +20241,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -19417,7 +21404,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -19450,6 +21441,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -19544,7 +21548,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -19577,6 +21585,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -19643,9 +21664,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -19686,7 +21705,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -19843,9 +21866,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -19886,7 +21907,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -20000,6 +22025,32 @@ spec: by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -20024,7 +22075,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -20185,7 +22237,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -20229,20 +22283,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -20643,7 +22691,9 @@ spec: description: A label query over a set of resources, in this - case pods. + case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -20735,6 +22785,80 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key in (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MatchLabelKeys + and LabelSelector. + Also, MatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key notin (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MismatchLabelKeys + and LabelSelector. + Also, MismatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set @@ -20930,7 +23054,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -21007,6 +23133,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -21177,7 +23369,9 @@ spec: description: A label query over a set of resources, in this - case pods. + case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -21269,6 +23463,80 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key in (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MatchLabelKeys + and LabelSelector. + Also, MatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key notin (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MismatchLabelKeys + and LabelSelector. + Also, MismatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set @@ -21464,7 +23732,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -21541,6 +23811,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -21925,7 +24261,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -21945,10 +24283,18 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no - groups will be added to any container. - Note that this field cannot be set - when spec.os.name is windows. + primary GID, the fsGroup (if specified), + and group memberships defined in + the container image for the uid + of the container process. If unspecified, + no additional groups are added to + any container. Note that group memberships + defined in the container image for + the uid of the container process + are still effective, even if they + are not included in this list. Note + that this field cannot be set when + spec.os.name is windows. items: format: int64 type: integer @@ -22007,20 +24353,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -22186,8 +24526,8 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a - set of pod label keys to select + description: "MatchLabelKeys is + a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the @@ -22196,10 +24536,18 @@ spec: to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in - the incoming pod labels will be - ignored. A null or empty list + pod. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector + isn't set. Keys that don't exist + in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -22292,7 +24640,7 @@ spec: in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -22308,7 +24656,7 @@ spec: All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -23055,7 +25403,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -23268,12 +25616,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -23312,11 +25660,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -23349,9 +25701,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -23359,31 +25711,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -23405,11 +25769,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -23449,7 +25828,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -23530,6 +25911,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -23959,6 +26372,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -25236,7 +27787,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -25320,6 +27873,76 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -25501,7 +28124,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -25574,6 +28199,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -25734,7 +28420,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -25818,6 +28506,76 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -25999,7 +28757,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -26072,6 +28832,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -26358,7 +29179,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -26400,21 +29223,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -27035,7 +29852,12 @@ spec: properties: name: description: The - header field name + header field name. + This will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The @@ -27070,6 +29892,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -27175,7 +30012,12 @@ spec: properties: name: description: The - header field name + header field name. + This will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The @@ -27210,6 +30052,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -27283,9 +30140,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires - enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of @@ -27328,7 +30182,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -27551,9 +30409,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires - enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of @@ -27596,7 +30451,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -27710,11 +30569,67 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy + for the container. + items: + description: ContainerResizePolicy + represents resource resize policy + for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported + values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy + to apply when specified resource + is resized. If not specified, + it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the + names of resources, defined + in spec.resourceClaims, that + are used by this container. + \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field + is immutable. It can only be + set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry + in pod.spec.resourceClaims + of the Pod where this + field is used. It makes + that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -27741,9 +30656,42 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines + the restart behavior of individual + containers in a pod. This field + may only be set for init containers, + and the only allowed value is "Always". + For non-init containers or when + this field is not specified, the + restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy + as "Always" for the init container + will have the following effect: + this init container will be continually + restarted on exit until all regular + containers have terminated. Once + all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This + lifecycle differs from normal init + containers and is often referred + to as a "sidecar" container. Although + this init container still starts + in the init container sequence, + it does not wait for the container + to complete before proceeding to + the next init container. Instead, + the next init container starts immediately + after this init container is started, + or after any startupProbe has successfully + completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container @@ -27920,8 +30868,9 @@ spec: descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type - is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any + other type. type: string type: description: "type indicates @@ -27968,23 +30917,16 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is - alpha-level and will only - be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this - field without the feature - flag will result in errors - when validating the Pod. - All of a Pod's containers - must have the same effective - HostProcess value (it is - not allowed to have a mix - of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess - is true then HostNetwork - must also be set to true. + container. All of a Pod's + containers must have the + same effective HostProcess + value (it is not allowed + to have a mix of HostProcess + containers and non-HostProcess + containers). In addition, + if HostProcess is true then + HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName @@ -28050,9 +30992,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires - enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of @@ -28095,7 +31034,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -28423,7 +31366,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -28456,6 +31403,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -28547,7 +31507,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -28580,6 +31544,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -28649,9 +31626,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -28691,7 +31666,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -28868,9 +31846,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -28910,7 +31886,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -29018,6 +31997,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -29042,7 +32047,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -29182,7 +32188,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -29202,10 +32210,18 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that - this field cannot be set when spec.os.name - is windows. + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container + process. If unspecified, no additional + groups are added to any container. + Note that group memberships defined + in the container image for the uid + of the container process are still + effective, even if they are not included + in this list. Note that this field + cannot be set when spec.os.name is + windows. items: format: int64 type: integer @@ -29260,21 +32276,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -29455,20 +32465,27 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select the - pods over which spreading will be - calculated. The keys are used to - lookup values from the incoming + description: "MatchLabelKeys is a + set of pod label keys to select + the pods over which spreading will + be calculated. The keys are used + to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that - don't exist in the incoming pod - labels will be ignored. A null or - empty list means only match against - labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector + isn't set. Keys that don't exist + in the incoming pod labels will + be ignored. A null or empty list + means only match against labelSelector. + \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -29556,8 +32573,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -29572,8 +32589,8 @@ spec: All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a - alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread + beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -30229,7 +33246,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -30482,12 +33499,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -30531,12 +33548,17 @@ spec: create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource + source. When the AnyVolumeDataSource feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef - field.' + dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If + the namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -30573,10 +33595,10 @@ spec: the volume with data, if a non-empty volume is desired. This may - be any local object - from a non-empty API - group (non core object) - or a PersistentVolumeClaim + be any object from a + non-empty API group + (non core object) or + a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed @@ -30586,35 +33608,49 @@ spec: or dynamic provisioner. This field will replace the functionality of - the DataSource field + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both - fields (DataSource and - DataSourceRef) will + compatibility, when + namespace isn''t specified + in dataSourceRef, both + fields (dataSource and + dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important differences between - DataSource and DataSourceRef: - * While DataSource only + dataSource and dataSourceRef: + * While dataSource only allows two specific - types of objects, DataSourceRef + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) - Using this field requires + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -30640,11 +33676,32 @@ spec: is the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace + of resource being + referenced Note + that when a namespace + is specified, a + gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent + namespace to allow + that namespace's + owner to accept + the reference. See + the ReferenceGrant + documentation for + details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to + be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -30691,8 +33748,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests + cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -30789,6 +33847,47 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. + If specified, the CSI + driver will create or + update the volume with + the attributes defined + in the corresponding + VolumeAttributesClass. + This has a different + purpose than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not + allowed to reset this + field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this + PersistentVolumeClaim + will be set to a Pending + state, as reflected + by the modifyVolumeStatus + field, until such as + a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of @@ -31255,6 +34354,176 @@ spec: may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access + the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated + by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be + selected by name, or by + the combination of signer + name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM + contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The + ordering of certificates + within the file is arbitrary, + and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select + all ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set + but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A + label selector + requirement + is a selector + that contains + values, a key, + and an operator + that relates + the key and + values. + properties: + key: + description: key + is the label + key that + the selector + applies + to. + type: string + operator: + description: operator + represents + a key's + relationship + to a set + of values. + Valid operators + are In, + NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string + values. + If the operator + is In or + NotIn, the + values array + must be + non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a + strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in + the matchLabels + map is equivalent + to an element + of matchExpressions, + whose key field + is "key", the + operator is "In", + and the values + array contains + only "value". + The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select + a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced + ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to + exist. If using signerName, + then the combination + of signerName and + labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the + bundle. + type: string + signerName: + description: Select + all ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml index dd0883c35..ab929db6e 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml @@ -360,7 +360,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -390,6 +393,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -464,7 +479,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -494,6 +512,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -549,8 +579,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -584,7 +613,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -715,8 +747,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -750,7 +781,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -846,6 +880,30 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -867,7 +925,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -998,7 +1057,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -1034,14 +1094,10 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be - honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -1411,7 +1467,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -1479,6 +1537,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -1629,6 +1742,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -1688,6 +1803,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term @@ -1824,7 +1989,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -1892,6 +2059,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -2042,6 +2264,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -2101,6 +2325,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term @@ -2350,8 +2624,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -2388,18 +2663,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -2947,7 +3216,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -2980,6 +3253,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3068,7 +3354,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3101,6 +3391,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3164,9 +3467,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -3205,7 +3506,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -3405,9 +3709,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -3446,7 +3748,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -3549,11 +3854,60 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the + container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to + which this resource resize policy + applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3577,9 +3931,36 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart + behavior of individual containers in a pod. + This field may only be set for init containers, + and the only allowed value is "Always". + For non-init containers or when this field + is not specified, the restart behavior is + defined by the Pod''s restart policy and + the container type. Setting the RestartPolicy + as "Always" for the init container will + have the following effect: this init container + will be continually restarted on exit until + all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs + from normal init containers and is often + referred to as a "sidecar" container. Although + this init container still starts in the + init container sequence, it does not wait + for the container to complete before proceeding + to the next init container. Instead, the + next init container starts immediately after + this init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be @@ -3724,8 +4105,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -3766,18 +4148,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -3836,9 +4212,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -3877,7 +4251,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4168,7 +4545,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4199,6 +4579,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -4281,7 +4674,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4312,6 +4708,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -4373,8 +4782,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -4408,7 +4816,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -4569,8 +4980,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -4604,7 +5014,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -4704,6 +5117,31 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4725,8 +5163,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -4848,8 +5286,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -4866,10 +5305,16 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, - no groups will be added to any container. - Note that this field cannot be set when spec.os.name - is windows. + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -4919,18 +5364,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -5090,17 +5529,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will - be calculated for the incoming pod. Keys + be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means - only match against labelSelector. + only match against labelSelector. \n This + is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -5174,8 +5618,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -5188,7 +5632,8 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is - a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -5767,7 +6212,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -5963,11 +6408,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -6006,10 +6451,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -6039,7 +6489,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, @@ -6049,28 +6499,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -6091,11 +6552,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -6134,7 +6609,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -6214,6 +6690,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -6631,6 +7139,137 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such as + inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering + of certificates within the file + is arbitrary, and Kubelet may + change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -7798,7 +8437,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -8011,12 +8650,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8055,11 +8694,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -8092,9 +8735,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -8102,31 +8745,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -8148,11 +8803,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -8192,7 +8862,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -8273,6 +8945,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -8697,6 +9401,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -9491,11 +10333,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9532,10 +10374,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -9564,35 +10410,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -9612,11 +10468,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -9655,7 +10525,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -9729,6 +10600,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -9935,11 +10835,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9971,10 +10871,14 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of the - specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -10003,33 +10907,44 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will - replace the functionality of the DataSource + replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource - only allows two specific types of - objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), - DataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled.' + when namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to + the same value automatically if one + of them is empty and the other is + non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be + empty. There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two + specific types of objects, dataSourceRef + allows any non-core object, as well + as PersistentVolumeClaim objects. + * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates + an error if a disallowed value is + specified. * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires the + AnyVolumeDataSource feature gate to + be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -10048,11 +10963,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -10089,6 +11016,7 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object @@ -10158,6 +11086,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to + empty string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the resource + referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, as + reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -10182,6 +11138,69 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update with + ClaimResourceStatus for a resource + that it does not recognizes, then + it should ignore that update and + let other controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being resized + for the given PVC. Key names follow + standard Kubernetes label syntax. + Valid values are either: * Un-prefixed + keys: - storage - the capacity of + the volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys that + are unprefixed or have kubernetes.io + prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus + can be in any of following states: + - ControllerResizeInProgress: State + set when resize controller starts + resizing the volume in control-plane. + - ControllerResizeFailed: State set + when resize has failed in resize controller + with a terminal error. - NodeResizePending: + State set when resize controller has + finished resizing the volume but further + resizing of volume is needed on the + node. - NodeResizeInProgress: State + set when kubelet starts resizing the + volume. - NodeResizeFailed: State + set when resizing has failed in kubelet + with a terminal error. Transient errors + don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity + - this field can be one of the following + states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - + pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field + is not set, it means that no resize + operation is in progress for the given + PVC. \n A controller that receives + PVC update with previously unknown + resourceName or ClaimResourceStatus + should ignore the update for the purpose + it was designed. For example - a controller + that only is responsible for resizing + capacity of the volume, should ignore + PVC updates that change other valid + resources associated with PVC. \n + This is an alpha field and requires + enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -10189,13 +11208,22 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the - storage resource within AllocatedResources - tracks the capacity allocated to a - PVC. It may be larger than the actual - capacity when a volume expansion operation - is requested. For storage quota, the - larger value from allocatedResources + description: "allocatedResources tracks + the resources allocated to a PVC including + its capacity. Key names follow standard + Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - + storage - the capacity of the volume. + * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that + are unprefixed or have kubernetes.io + prefix are considered reserved and + hence may not be used. \n Capacity + reported here may be larger than the + actual capacity when a volume expansion + operation is requested. For storage + quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. @@ -10205,9 +11233,17 @@ spec: operations in progress and if the actual volume capacity is equal or lower than the requested capacity. + \n A controller that receives PVC + update with previously unknown resourceName + should ignore the update for the purpose + it was designed. For example - a controller + that only is responsible for resizing + capacity of the volume, should ignore + PVC updates that change other valid + resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. + feature." type: object capacity: additionalProperties: @@ -10228,7 +11264,7 @@ spec: be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of + contains details about state of pvc properties: lastProbeTime: @@ -10267,20 +11303,57 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, there + is no VolumeAttributeClass applied + to this PersistentVolumeClaim This + is an alpha field and requires enabling + VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents + the status object of ControllerModifyVolume + operation. When this is unset, there + is no ModifyVolume operation being + attempted. This is an alpha field + and requires enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the status + of the ControllerModifyVolume + operation. It can be in any of + following states: - Pending Pending + indicates that the PersistentVolumeClaim + cannot be modified due to unmet + requirements, such as the specified + VolumeAttributesClass not existing. + - InProgress InProgress indicates + that the volume is being modified. + - Infeasible Infeasible indicates + that the request has been rejected + as invalid by the CSI driver. + To resolve the error, a valid + VolumeAttributesClass needs to + be specified. Note: New statuses + can be added in the future. Consumers + should check for unknown statuses + and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status - of resize operation. ResizeStatus - is not set by default but when expansion - is complete resizeStatus is set to - empty string by resize controller - or kubelet. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -10821,7 +11894,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -11034,12 +12107,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -11078,11 +12151,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -11115,9 +12192,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -11125,31 +12202,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -11171,11 +12260,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -11215,7 +12319,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -11296,6 +12402,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -11725,6 +12863,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -12878,7 +14154,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -12911,6 +14191,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12999,7 +14292,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13032,6 +14329,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13095,9 +14405,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -13136,7 +14444,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -13284,9 +14595,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -13325,7 +14634,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -13433,6 +14745,32 @@ spec: container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -13456,7 +14794,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -13601,8 +14940,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -13643,18 +14983,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -14014,7 +15348,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -14091,6 +15427,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -14257,7 +15659,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -14326,6 +15730,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -14480,7 +15944,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -14557,6 +16023,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -14723,7 +16255,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -14792,6 +16326,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -15146,8 +16740,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -15166,8 +16761,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -15224,18 +16826,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -15391,7 +16987,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -15399,10 +16995,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -15486,8 +17089,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -15501,8 +17104,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -16213,7 +17816,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -16406,11 +18009,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -16447,10 +18050,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -16479,35 +18086,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -16527,11 +18144,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -16570,7 +18201,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -16644,6 +18276,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -17054,6 +18715,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -18018,7 +19806,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -18051,6 +19843,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -18139,7 +19944,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -18172,6 +19981,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -18235,9 +20057,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -18276,7 +20096,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -18424,9 +20247,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -18465,7 +20286,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -18573,6 +20397,32 @@ spec: container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -18596,7 +20446,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -18741,8 +20592,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -18783,18 +20635,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -19154,7 +21000,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -19231,6 +21079,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -19397,7 +21311,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -19466,6 +21382,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -19620,7 +21596,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -19697,6 +21675,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -19863,7 +21907,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -19932,6 +21978,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -20286,8 +22392,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -20306,8 +22413,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -20364,18 +22478,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -20531,7 +22639,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -20539,10 +22647,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -20626,8 +22741,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -20641,8 +22756,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -21353,7 +23468,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -21546,11 +23661,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -21587,10 +23702,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -21619,35 +23738,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -21667,11 +23796,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -21710,7 +23853,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -21784,6 +23928,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -22194,6 +24367,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -23381,7 +25681,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -23454,6 +25756,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -23613,7 +25976,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -23681,6 +26046,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -23831,7 +26251,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -23904,6 +26326,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -24063,7 +26546,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -24131,6 +26616,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -24399,8 +26939,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -24440,18 +26981,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -25025,7 +27562,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -25058,6 +27599,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -25152,7 +27706,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -25185,6 +27743,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -25251,9 +27822,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -25294,7 +27863,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -25504,9 +28077,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -25547,7 +28118,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -25656,11 +28231,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -25685,9 +28311,38 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -25848,7 +28503,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -25892,20 +28549,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -25966,9 +28617,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -26009,7 +28658,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -26316,7 +28969,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -26347,6 +29003,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -26434,7 +29103,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -26465,6 +29137,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -26529,9 +29214,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -26570,7 +29253,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -26738,9 +29424,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -26779,7 +29463,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -26883,6 +29570,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -26906,7 +29619,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -27038,8 +29752,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -27058,8 +29773,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -27114,18 +29836,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -27294,18 +30012,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -27386,8 +30111,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -27400,8 +30125,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -28016,7 +30741,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -28241,12 +30966,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -28286,11 +31011,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -28323,9 +31054,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -28334,31 +31065,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -28381,11 +31125,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -28427,7 +31186,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -28512,6 +31273,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -28954,6 +31750,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml index 5b5f64778..f81427709 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml @@ -96,7 +96,9 @@ spec: used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized + upon output, so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -154,7 +156,9 @@ spec: used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized + upon output, so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -797,7 +801,7 @@ spec: be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -960,11 +964,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -998,10 +1002,13 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -1028,31 +1035,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the - functionality of the DataSource field + functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to the + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them - is empty and the other is non-empty. There - are two important differences between - DataSource and DataSourceRef: * While - DataSource only allows two specific types - of objects, DataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -1070,11 +1085,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -1109,7 +1136,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -1173,6 +1201,32 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can + be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to empty + string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will + be set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set + to a Pending state, as reflected by the + modifyVolumeStatus field, until such as + a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -1548,6 +1602,114 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a + pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating + file. \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle objects + can either be selected by name, or by the + combination of signer name and a label selector. + \n Kubelet performs aggressive normalization + of the PEM contents written into the pod + filesystem. Esoteric PEM features such + as inter-block comments and block headers + are stripped. Certificates are deduplicated. + The ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as + "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then + the named ClusterTrustBundle is allowed + not to exist. If using signerName, + then the combination of signerName and + labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -2151,10 +2313,10 @@ spec: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml index 4b869be64..6706b5c32 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml @@ -287,7 +287,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -315,6 +318,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -386,7 +401,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -414,6 +432,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -467,8 +497,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -500,7 +529,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -628,8 +659,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -661,7 +691,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -755,6 +787,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -776,7 +830,7 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -900,8 +954,9 @@ spec: defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. type: string type: description: "type indicates which kind of seccomp @@ -934,15 +989,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -1273,7 +1324,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is @@ -1332,6 +1385,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -1462,7 +1563,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1516,6 +1619,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. @@ -1636,7 +1784,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is @@ -1695,6 +1845,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -1825,7 +2023,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1879,6 +2079,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. @@ -2106,7 +2351,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -2141,16 +2387,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, if + HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the @@ -2663,7 +2905,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -2694,6 +2939,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -2776,7 +3034,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -2807,6 +3068,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -2865,8 +3139,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -2900,7 +3173,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -3085,8 +3361,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -3120,7 +3395,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -3216,10 +3494,57 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which + this resource resize policy applies. Supported + values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when + specified resource is resized. If not specified, + it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3241,10 +3566,34 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart + behavior of individual containers in a pod. This + field may only be set for init containers, and + the only allowed value is "Always". For non-init + containers or when this field is not specified, + the restart behavior is defined by the Pod''s + restart policy and the container type. Setting + the RestartPolicy as "Always" for the init container + will have the following effect: this init container + will be continually restarted on exit until all + regular containers have terminated. Once all regular + containers have completed, all init containers + with restartPolicy "Always" will be shut down. + This lifecycle differs from normal init containers + and is often referred to as a "sidecar" container. + Although this init container still starts in the + init container sequence, it does not wait for + the container to complete before proceeding to + the next init container. Instead, the next init + container starts immediately after this init container + is started, or after any startupProbe has successfully + completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, @@ -3380,8 +3729,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -3418,18 +3768,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -3482,8 +3826,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -3517,7 +3860,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -3785,7 +4131,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3814,6 +4163,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -3888,7 +4249,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3917,6 +4281,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -3974,8 +4350,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -4009,7 +4384,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -4159,8 +4537,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -4194,7 +4571,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -4288,6 +4668,30 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4309,7 +4713,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -4425,7 +4830,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -4441,9 +4847,15 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the - container's primary GID. If unspecified, no groups - will be added to any container. Note that this field - cannot be set when spec.os.name is windows. + container's primary GID, the fsGroup (if specified), + and group memberships defined in the container image + for the uid of the container process. If unspecified, + no additional groups are added to any container. + Note that group memberships defined in the container + image for the uid of the container process are still + effective, even if they are not included in this + list. Note that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -4491,16 +4903,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, if + HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the @@ -4648,16 +5056,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys - that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match - against labelSelector. + will be calculated for the incoming pod. The same + key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be set + when LabelSelector isn't set. Keys that don't + exist in the incoming pod labels will be ignored. + A null or empty list means only match against + labelSelector. \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread feature + gate to be enabled (enabled by default)." items: type: string type: array @@ -4723,8 +5136,8 @@ spec: are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -4736,7 +5149,7 @@ spec: Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a - alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -5272,7 +5685,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -5449,11 +5862,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -5487,10 +5900,14 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of the - specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -5519,33 +5936,44 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will - replace the functionality of the DataSource + replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource - only allows two specific types of - objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), - DataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled.' + when namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to + the same value automatically if one + of them is empty and the other is + non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be + empty. There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two + specific types of objects, dataSourceRef + allows any non-core object, as well + as PersistentVolumeClaim objects. + * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates + an error if a disallowed value is + specified. * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires the + AnyVolumeDataSource feature gate to + be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -5564,11 +5992,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -5605,6 +6045,7 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object @@ -5674,6 +6115,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to + empty string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the resource + referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, as + reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -6063,6 +6532,120 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by name, + or by the combination of signer name + and a label selector. \n Kubelet performs + aggressive normalization of the PEM + contents written into the pod filesystem. + \ Esoteric PEM features such as inter-block + comments and block headers are stripped. + \ Certificates are deduplicated. The + ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -7135,7 +7718,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -7320,11 +7903,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -7359,11 +7942,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -7392,33 +7979,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -7438,11 +8035,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -7480,7 +8089,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -7550,6 +8160,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -7945,6 +8583,124 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into the + pod filesystem. Esoteric PEM features + such as inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering of + certificates within the file is arbitrary, + and Kubelet may change the order over + time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't available. If + using name, then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -8647,11 +9403,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8685,10 +9441,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -8715,33 +9475,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. * While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -8759,11 +9527,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -8799,7 +9579,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -8865,6 +9646,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. @@ -9055,11 +9864,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9090,10 +9899,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will - always have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -9120,30 +9932,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as such if both + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is - non-empty. There are two important differences - between DataSource and DataSourceRef: * - While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a - disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled.' + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -9161,11 +9982,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -9198,7 +10029,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -9259,6 +10091,30 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass + used by this claim. If specified, the CSI + driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can be + changed after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to + a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -9282,6 +10138,60 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update with ClaimResourceStatus + for a resource that it does not recognizes, + then it should ignore that update and + let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores + status of resource being resized for the + given PVC. Key names follow standard Kubernetes + label syntax. Valid values are either: * + Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use + implementation-defined prefixed names such + as \"example.com/my-custom-resource\" Apart + from above values - keys that are unprefixed + or have kubernetes.io prefix are considered + reserved and hence may not be used. \n ClaimResourceStatus + can be in any of following states: - ControllerResizeInProgress: + State set when resize controller starts + resizing the volume in control-plane. - + ControllerResizeFailed: State set when resize + has failed in resize controller with a terminal + error. - NodeResizePending: State set when + resize controller has finished resizing + the volume but further resizing of volume + is needed on the node. - NodeResizeInProgress: + State set when kubelet starts resizing the + volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal + error. Transient errors don't set NodeResizeFailed. + For example: if expanding a PVC for more + capacity - this field can be one of the + following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is + not set, it means that no resize operation + is in progress for the given PVC. \n A controller + that receives PVC update with previously + unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose + it was designed. For example - a controller + that only is responsible for resizing capacity + of the volume, should ignore PVC updates + that change other valid resources associated + with PVC. \n This is an alpha field and + requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -9289,13 +10199,21 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may - be larger than the actual capacity when - a volume expansion operation is requested. - For storage quota, the larger value from - allocatedResources and PVC.spec.resources + description: "allocatedResources tracks the + resources allocated to a PVC including its + capacity. Key names follow standard Kubernetes + label syntax. Valid values are either: * + Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use + implementation-defined prefixed names such + as \"example.com/my-custom-resource\" Apart + from above values - keys that are unprefixed + or have kubernetes.io prefix are considered + reserved and hence may not be used. \n Capacity + reported here may be larger than the actual + capacity when a volume expansion operation + is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity @@ -9303,8 +10221,16 @@ spec: only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. - This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + \n A controller that receives PVC update + with previously unknown resourceName should + ignore the update for the purpose it was + designed. For example - a controller that + only is responsible for resizing capacity + of the volume, should ignore PVC updates + that change other valid resources associated + with PVC. \n This is an alpha field and + requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -9323,7 +10249,7 @@ spec: the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time @@ -9360,19 +10286,53 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, there is no + VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling + VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents + the status object of ControllerModifyVolume + operation. When this is unset, there is + no ModifyVolume operation being attempted. + This is an alpha field and requires enabling + VolumeAttributesClass feature. + properties: + status: + description: 'status is the status of + the ControllerModifyVolume operation. + It can be in any of following states: + - Pending Pending indicates that the + PersistentVolumeClaim cannot be modified + due to unmet requirements, such as the + specified VolumeAttributesClass not + existing. - InProgress InProgress indicates + that the volume is being modified. - + Infeasible Infeasible indicates that + the request has been rejected as invalid + by the CSI driver. To resolve the error, + a valid VolumeAttributesClass needs + to be specified. Note: New statuses + can be added in the future. Consumers + should check for unknown statuses and + fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of - resize operation. ResizeStatus is not set - by default but when expansion is complete - resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha - field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -9877,7 +10837,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -10062,11 +11022,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10101,11 +11061,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -10134,33 +11098,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -10180,11 +11154,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -10222,7 +11208,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -10292,6 +11279,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -10691,6 +11706,124 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into the + pod filesystem. Esoteric PEM features + such as inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering of + certificates within the file is arbitrary, + and Kubelet may change the order over + time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't available. If + using name, then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -11787,7 +12920,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -11818,6 +12954,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -11900,7 +13049,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -11931,6 +13083,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -11989,8 +13154,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -12024,7 +13188,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -12162,8 +13329,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -12197,7 +13363,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -12297,6 +13466,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -12318,8 +13512,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -12456,8 +13650,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -12494,18 +13689,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -12824,7 +14013,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -12892,6 +14083,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -13042,6 +14288,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -13101,6 +14349,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term @@ -13237,7 +14535,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -13305,6 +14605,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -13455,6 +14810,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -13514,6 +14871,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term @@ -13835,8 +15242,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -13853,10 +15261,16 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, - no groups will be added to any container. - Note that this field cannot be set when spec.os.name - is windows. + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -13906,18 +15320,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -14058,17 +15466,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will - be calculated for the incoming pod. Keys + be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means - only match against labelSelector. + only match against labelSelector. \n This + is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -14142,8 +15555,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -14156,7 +15569,8 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is - a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -14820,7 +16234,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -14991,11 +16405,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -15029,10 +16443,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -15059,33 +16477,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. * While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -15103,11 +16529,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -15143,7 +16581,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -15209,6 +16648,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. @@ -15591,6 +17058,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -16482,7 +18061,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -16513,6 +18095,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -16595,7 +18190,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -16626,6 +18224,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -16684,8 +18295,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -16719,7 +18329,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -16857,8 +18470,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -16892,7 +18504,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -16992,6 +18607,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -17013,8 +18653,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -17151,8 +18791,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -17189,18 +18830,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -17519,7 +19154,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -17587,6 +19224,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -17737,6 +19429,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -17796,6 +19490,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term @@ -17932,7 +19676,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -18000,6 +19746,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -18150,6 +19951,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -18209,6 +20012,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term @@ -18530,8 +20383,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -18548,10 +20402,16 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, - no groups will be added to any container. - Note that this field cannot be set when spec.os.name - is windows. + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -18601,18 +20461,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -18753,17 +20607,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will - be calculated for the incoming pod. Keys + be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means - only match against labelSelector. + only match against labelSelector. \n This + is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -18837,8 +20696,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -18851,7 +20710,8 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is - a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -19515,7 +21375,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -19686,11 +21546,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -19724,10 +21584,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -19754,33 +21618,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. * While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -19798,11 +21670,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -19838,7 +21722,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -19904,6 +21789,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. @@ -20286,6 +22199,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -21016,2335 +23041,6 @@ spec: restored files will be applied type: string type: object - runtimeSettings: - description: RuntimeSettings allow to specify Resources, NodeSelector, - Affinity, Toleration, ReadinessProbe etc. - properties: - container: - properties: - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables - in the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. Double $$ are - reduced to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - ionice: - description: 'Settings to configure `ionice` to throttle the - load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' - properties: - class: - format: int32 - type: integer - classData: - format: int32 - type: integer - type: object - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a - container is created. If the handler fails, the container - is terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of this field - and lifecycle hooks will fail in runtime when tcp - handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called - if the container crashes or exits. The Pod''s termination - grace period countdown begins before the PreStop hook - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the Pod''s - termination grace period (unless delayed by finalizers). - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of this field - and lifecycle hooks will fail in runtime when tcp - handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided by - the pod spec. Value must be non-negative integer. The - value zero indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - nice: - description: 'Settings to configure `nice` to throttle the - load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' - properties: - adjustment: - format: int32 - type: integer - type: object - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided by - the pod spec. Value must be non-negative integer. The - value zero indicates stop immediately via the kill signal - (no opportunity to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag - will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be - set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this field - cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that this - field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. The - profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should - be used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - no - profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to - all containers. If unspecified, the options from the - PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set - when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - type: object - pod: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether - a service account token should be automatically mounted. - type: boolean - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information - about services should be injected into pod''s environment - variables, matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references - to secrets in the same namespace to use for pulling any - of the images used by this PodRuntimeSettings. If specified, - these secrets will be passed to individual puller implementations - for them to use. For example, in the case of docker, only - DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeName: - description: NodeName is a request to schedule this pod onto - a specific node. If it is non-empty, the scheduler simply - schedules this pod onto that node, assuming that it fits - resource requirements. - type: string - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which must be true - for the pod to fit on a node. Selector which must match - a node''s labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - podAnnotations: - additionalProperties: - type: string - description: PodAnnotations are the annotations that will - be attached with the respective Pod - type: object - podLabels: - additionalProperties: - type: string - description: PodLabels are the labels that will be attached - with the respective Pod - type: object - priority: - description: The priority value. Various system components - use this field to find the priority of the pod. When Priority - Admission Controller is enabled, it prevents users from - setting this field. The admission controller populates this - field from PriorityClassName. The higher the value, the - higher the priority. - format: int32 - type: integer - priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" - and "system-cluster-critical" are two special keywords which - indicate the highest priorities with the former being the - highest priority. Any other name must be defined by creating - a PriorityClass object with that name. If not specified, - the pod priority will be default or zero if there is no - default. - type: string - readinessGates: - description: 'If specified, all readiness gates will be evaluated - for pod readiness. A pod is ready when all its containers - are ready AND all conditions specified in the readiness - gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - items: - description: PodReadinessGate contains the reference to - a pod condition - properties: - conditionType: - description: ConditionType refers to a condition in - the pod's condition list with matching type. - type: string - required: - - conditionType - type: object - type: array - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass object - in the node.k8s.io group, which should be used to run this - pod. If no RuntimeClass resource matches the named class, - the pod will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit class with - an empty definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change in the future.' - type: string - schedulerName: - description: If specified, the pod will be dispatched by specified - scheduler. If not specified, the pod will be dispatched - by default scheduler. - type: string - securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - fsGroup: - description: "A special supplemental group that applies - to all containers in a pod. Some volume types allow - the Kubelet to change the ownership of that volume to - be owned by the pod: \n 1. The owning GID will be the - FSGroup 2. The setgid bit is set (new files created - in the volume will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, the Kubelet - will not modify the ownership and permissions of any - volume. Note that this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of - changing ownership and permission of the volume before - being exposed inside Pod. This field will only apply - to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume - types such as: secret, configmaps and emptydir. Valid - values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set - when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all - containers. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set when - spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. The - profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should - be used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - no - profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process - run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added - to any container. Note that this field cannot be set - when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. Note that - this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be - set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to - all containers. If unspecified, the options within a - container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - serviceAccountAnnotations: - additionalProperties: - type: string - description: ServiceAccountAnnotations are the annotations - that will be attached with the respective ServiceAccount - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group - of pods ought to spread across topology domains. Scheduler - will schedule pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector are counted - to determine the number of pods in their corresponding - topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with - labelSelector to select the group of existing pods - over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming pod labels - will be ignored. A null or empty list means only match - against labelSelector. - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to which - pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the - number of matching pods in the target topology and - the global minimum. The global minimum is the minimum - number of matching pods in an eligible domain or zero - if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector spread as - 2/2/1: In this case, the global minimum is 1. | zone1 - | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 - to become 2/2/2; scheduling it onto zone1(zone2) would - make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default value - is 1 and 0 is not allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number - of eligible domains. When the number of eligible domains - with matching topology keys is less than minDomains, - Pod Topology Spread treats \"global minimum\" as 0, - and then the calculation of Skew is performed. And - when the number of eligible domains with matching - topology keys equals or greater than minDomains, this - value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to - those domains. If value is nil, the constraint behaves - as if MinDomains is equal to 1. Valid values are integers - greater than 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in a 3-zone - cluster, MaxSkew is set to 2, MinDomains is set to - 5 and pods with the same labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), - so \"global minimum\" is treated as 0. In this situation, - new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod - is scheduled to any of the three zones, it will violate - MaxSkew. \n This is a beta field and requires the - MinDomainsInPodTopologySpread feature gate to be enabled - (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will - treat Pod's nodeAffinity/nodeSelector when calculating - pod topology spread skew. Options are: - Honor: only - nodes matching nodeAffinity/nodeSelector are included - in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. - \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will - treat node taints when calculating pod topology spread - skew. Options are: - Honor: nodes without taints, - along with tainted nodes for which the incoming pod - has a toleration, are included. - Ignore: node taints - are ignored. All nodes are included. \n If this value - is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. - Nodes that have a label with this key and identical - values are considered to be in the same topology. - We consider each as a "bucket", and try - to put balanced number of pods into each bucket. We - define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain - of that topology. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal - with a pod if it doesn''t satisfy the spread constraint. - - DoNotSchedule (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells the scheduler - to schedule the pod in any location, but giving higher - precedence to topologies that would help reduce the - skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node - assignment for that pod would violate "MaxSkew" on - some topology. For example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P - | P | P | If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) - satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make - it *more* imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - type: object - type: object target: description: Target indicates the target application where the data will be restored. The target must be in the same namespace as the diff --git a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml index 4c55d4980..f14972252 100644 --- a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml @@ -309,7 +309,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -337,6 +340,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -408,7 +423,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -436,6 +454,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -489,8 +519,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -522,7 +551,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -650,8 +681,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -683,7 +713,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -777,6 +809,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -798,7 +852,7 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -922,8 +976,9 @@ spec: defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. type: string type: description: "type indicates which kind of seccomp @@ -956,15 +1011,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -1231,7 +1282,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1285,6 +1338,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. @@ -1406,7 +1504,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1457,6 +1556,48 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group of + existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key is + forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1571,7 +1712,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1625,6 +1768,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. @@ -1746,7 +1934,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1797,6 +1986,48 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group of + existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key is + forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2081,8 +2312,9 @@ spec: defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. type: string type: description: "type indicates which kind of seccomp @@ -2098,9 +2330,14 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added - to any container. Note that this field cannot be set - when spec.os.name is windows. + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are not included + in this list. Note that this field cannot be set when + spec.os.name is windows. items: format: int64 type: integer @@ -2145,15 +2382,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -2278,15 +2511,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming pod labels - will be ignored. A null or empty list means only match - against labelSelector. + pod. The same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be set when + LabelSelector isn't set. Keys that don't exist in + the incoming pod labels will be ignored. A null or + empty list means only match against labelSelector. + \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -2349,8 +2586,8 @@ spec: in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -2361,8 +2598,8 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: description: TopologyKey is the key of node labels. @@ -2431,8 +2668,8 @@ spec: description: Prefix specifies a directory inside the bucket/container where the data for this backend will be stored. type: string - secret: - description: Secret specifies the name of the Secret that + secretName: + description: SecretName specifies the name of the Secret that contains the access credential for this storage. type: string storageAccount: @@ -2440,28 +2677,6 @@ spec: Storage Account type: string type: object - b2: - description: B2 specifies the storage information for B2 bucket - properties: - bucket: - description: Bucket specifies the name of the bucket that - will be used as storage backend. - type: string - maxConnections: - description: MaxConnections specifies the maximum number of - concurrent connections to use to upload/download data to - this backend. - format: int64 - type: integer - prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. - type: string - secret: - description: Secret specifies the name of the Secret that - contains the access credential for this storage. - type: string - type: object gcs: description: GCS specifies the storage information for GCS bucket properties: @@ -2479,8 +2694,8 @@ spec: description: Prefix specifies a directory inside the bucket/container where the data for this backend will be stored. type: string - secret: - description: Secret specifies the name of the Secret that + secretName: + description: SecretName specifies the name of the Secret that contains the access credential for this storage. type: string type: object @@ -2877,7 +3092,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3028,11 +3243,11 @@ spec: type: string name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3065,9 +3280,12 @@ spec: the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have - the same contents as the DataSourceRef field.' + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the @@ -3093,28 +3311,35 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of the - specified object matches some installed volume - populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, both fields (DataSource and DataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is non-empty. - There are two important differences between - DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using this field - requires the AnyVolumeDataSource feature gate - to be enabled.' + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the @@ -3131,11 +3356,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -3168,7 +3403,8 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -3228,6 +3464,28 @@ spec: the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be + used to set the VolumeAttributesClass used by + this claim. If specified, the CSI driver will + create or update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed + to reset this field to empty string once it + is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to by + volumeAttributesClass does not exist, this PersistentVolumeClaim + will be set to a Pending state, as reflected + by the modifyVolumeStatus field, until such + as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem @@ -3584,6 +3842,105 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to + access the `.spec.trustBundle` field of ClusterTrustBundle + objects in an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature gate. + \n ClusterTrustBundle objects can either be selected + by name, or by the combination of signer name + and a label selector. \n Kubelet performs aggressive + normalization of the PEM contents written into + the pod filesystem. Esoteric PEM features such + as inter-block comments and block headers are + stripped. Certificates are deduplicated. The + ordering of certificates within the file is arbitrary, + and Kubelet may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only has + effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as "match + nothing". If set but empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with signerName + and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) aren't + available. If using name, then the named + ClusterTrustBundle is allowed not to exist. If + using signerName, then the combination of + signerName and labelSelector is allowed to + match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -4119,18 +4476,6 @@ spec: provider: description: Provider specifies the provider of the storage type: string - rest: - description: Rest specifies the storage information for rest storage - server - properties: - secret: - description: Secret specifies the name of the Secret that - contains the access credential for this storage. - type: string - url: - description: URL specifies the URL of the REST storage server - type: string - type: object s3: description: S3 specifies the storage information for AWS S3 and S3 compatible storage. @@ -4151,25 +4496,8 @@ spec: description: Region specifies the region where the bucket is located type: string - secret: - description: Secret specifies the name of the Secret that - contains the access credential for this storage. - type: string - type: object - swift: - description: Swift specifies the storage information for Swift - container - properties: - container: - description: Container specifies the name of the Swift container - that will be used as storage backend. - type: string - prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. - type: string - secret: - description: Secret specifies the name of the Secret that + secretName: + description: SecretName specifies the name of the Secret that contains the access credential for this storage. type: string type: object diff --git a/vendor/modules.txt b/vendor/modules.txt index 494895bb7..ecdcb9c4f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1481,7 +1481,7 @@ kmodules.xyz/prober/api/v1 kmodules.xyz/resource-metadata/apis/node kmodules.xyz/resource-metadata/apis/node/v1alpha1 kmodules.xyz/resource-metadata/crds -# kubedb.dev/apimachinery v0.41.0-beta.0.0.20240119173518-f85d14100011 +# kubedb.dev/apimachinery v0.41.0-beta.1 ## explicit; go 1.21.5 kubedb.dev/apimachinery/apis kubedb.dev/apimachinery/apis/archiver/v1alpha1 @@ -1531,7 +1531,7 @@ kubedb.dev/db-client-go/redis ## explicit; go 1.21.5 kubeops.dev/sidekick/apis/apps kubeops.dev/sidekick/apis/apps/v1alpha1 -# kubestash.dev/apimachinery v0.3.1-0.20231231034418-cc46ddfd674a +# kubestash.dev/apimachinery v0.4.0-rc.0 ## explicit; go 1.21.5 kubestash.dev/apimachinery/apis kubestash.dev/apimachinery/apis/core/v1alpha1