1/* 2Copyright The Kubernetes Authors. 3 4Licensed under the Apache License, Version 2.0 (the "License"); 5you may not use this file except in compliance with the License. 6You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10Unless required by applicable law or agreed to in writing, software 11distributed under the License is distributed on an "AS IS" BASIS, 12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13See the License for the specific language governing permissions and 14limitations under the License. 15*/ 16 17 18// This file was autogenerated by go-to-protobuf. Do not edit it manually! 19 20syntax = 'proto2'; 21 22package k8s.io.api.core.v1; 23 24import "k8s.io/apimachinery/pkg/api/resource/generated.proto"; 25import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; 26import "k8s.io/apimachinery/pkg/runtime/generated.proto"; 27import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; 28import "k8s.io/apimachinery/pkg/util/intstr/generated.proto"; 29 30// Package-wide variables from generator "generated". 31option go_package = "v1"; 32 33// Represents a Persistent Disk resource in AWS. 34// 35// An AWS EBS disk must exist before mounting to a container. The disk 36// must also be in the same AWS zone as the kubelet. An AWS EBS disk 37// can only be mounted as read/write once. AWS EBS volumes support 38// ownership management and SELinux relabeling. 39message AWSElasticBlockStoreVolumeSource { 40 // Unique ID of the persistent disk resource in AWS (Amazon EBS volume). 41 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 42 optional string volumeID = 1; 43 44 // Filesystem type of the volume that you want to mount. 45 // Tip: Ensure that the filesystem type is supported by the host operating system. 46 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 47 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 48 // TODO: how do we prevent errors in the filesystem from compromising the machine 49 // +optional 50 optional string fsType = 2; 51 52 // The partition in the volume that you want to mount. 53 // If omitted, the default is to mount by volume name. 54 // Examples: For volume /dev/sda1, you specify the partition as "1". 55 // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 56 // +optional 57 optional int32 partition = 3; 58 59 // Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". 60 // If omitted, the default is "false". 61 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 62 // +optional 63 optional bool readOnly = 4; 64} 65 66// Affinity is a group of affinity scheduling rules. 67message Affinity { 68 // Describes node affinity scheduling rules for the pod. 69 // +optional 70 optional NodeAffinity nodeAffinity = 1; 71 72 // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 73 // +optional 74 optional PodAffinity podAffinity = 2; 75 76 // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 77 // +optional 78 optional PodAntiAffinity podAntiAffinity = 3; 79} 80 81// AttachedVolume describes a volume attached to a node 82message AttachedVolume { 83 // Name of the attached volume 84 optional string name = 1; 85 86 // DevicePath represents the device path where the volume should be available 87 optional string devicePath = 2; 88} 89 90// AvoidPods describes pods that should avoid this node. This is the value for a 91// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and 92// will eventually become a field of NodeStatus. 93message AvoidPods { 94 // Bounded-sized list of signatures of pods that should avoid this node, sorted 95 // in timestamp order from oldest to newest. Size of the slice is unspecified. 96 // +optional 97 repeated PreferAvoidPodsEntry preferAvoidPods = 1; 98} 99 100// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 101message AzureDiskVolumeSource { 102 // The Name of the data disk in the blob storage 103 optional string diskName = 1; 104 105 // The URI the data disk in the blob storage 106 optional string diskURI = 2; 107 108 // Host Caching mode: None, Read Only, Read Write. 109 // +optional 110 optional string cachingMode = 3; 111 112 // Filesystem type to mount. 113 // Must be a filesystem type supported by the host operating system. 114 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 115 // +optional 116 optional string fsType = 4; 117 118 // Defaults to false (read/write). ReadOnly here will force 119 // the ReadOnly setting in VolumeMounts. 120 // +optional 121 optional bool readOnly = 5; 122 123 // Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared 124 optional string kind = 6; 125} 126 127// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 128message AzureFilePersistentVolumeSource { 129 // the name of secret that contains Azure Storage Account Name and Key 130 optional string secretName = 1; 131 132 // Share Name 133 optional string shareName = 2; 134 135 // Defaults to false (read/write). ReadOnly here will force 136 // the ReadOnly setting in VolumeMounts. 137 // +optional 138 optional bool readOnly = 3; 139 140 // the namespace of the secret that contains Azure Storage Account Name and Key 141 // default is the same as the Pod 142 // +optional 143 optional string secretNamespace = 4; 144} 145 146// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 147message AzureFileVolumeSource { 148 // the name of secret that contains Azure Storage Account Name and Key 149 optional string secretName = 1; 150 151 // Share Name 152 optional string shareName = 2; 153 154 // Defaults to false (read/write). ReadOnly here will force 155 // the ReadOnly setting in VolumeMounts. 156 // +optional 157 optional bool readOnly = 3; 158} 159 160// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. 161// Deprecated in 1.7, please use the bindings subresource of pods instead. 162message Binding { 163 // Standard object's metadata. 164 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 165 // +optional 166 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 167 168 // The target object that you want to bind to the standard object. 169 optional ObjectReference target = 2; 170} 171 172// Represents storage that is managed by an external CSI volume driver (Beta feature) 173message CSIPersistentVolumeSource { 174 // Driver is the name of the driver to use for this volume. 175 // Required. 176 optional string driver = 1; 177 178 // VolumeHandle is the unique volume name returned by the CSI volume 179 // plugin’s CreateVolume to refer to the volume on all subsequent calls. 180 // Required. 181 optional string volumeHandle = 2; 182 183 // Optional: The value to pass to ControllerPublishVolumeRequest. 184 // Defaults to false (read/write). 185 // +optional 186 optional bool readOnly = 3; 187 188 // Filesystem type to mount. 189 // Must be a filesystem type supported by the host operating system. 190 // Ex. "ext4", "xfs", "ntfs". 191 // +optional 192 optional string fsType = 4; 193 194 // Attributes of the volume to publish. 195 // +optional 196 map<string, string> volumeAttributes = 5; 197 198 // ControllerPublishSecretRef is a reference to the secret object containing 199 // sensitive information to pass to the CSI driver to complete the CSI 200 // ControllerPublishVolume and ControllerUnpublishVolume calls. 201 // This field is optional, and may be empty if no secret is required. If the 202 // secret object contains more than one secret, all secrets are passed. 203 // +optional 204 optional SecretReference controllerPublishSecretRef = 6; 205 206 // NodeStageSecretRef is a reference to the secret object containing sensitive 207 // information to pass to the CSI driver to complete the CSI NodeStageVolume 208 // and NodeStageVolume and NodeUnstageVolume calls. 209 // This field is optional, and may be empty if no secret is required. If the 210 // secret object contains more than one secret, all secrets are passed. 211 // +optional 212 optional SecretReference nodeStageSecretRef = 7; 213 214 // NodePublishSecretRef is a reference to the secret object containing 215 // sensitive information to pass to the CSI driver to complete the CSI 216 // NodePublishVolume and NodeUnpublishVolume calls. 217 // This field is optional, and may be empty if no secret is required. If the 218 // secret object contains more than one secret, all secrets are passed. 219 // +optional 220 optional SecretReference nodePublishSecretRef = 8; 221 222 // ControllerExpandSecretRef is a reference to the secret object containing 223 // sensitive information to pass to the CSI driver to complete the CSI 224 // ControllerExpandVolume call. 225 // This is an alpha field and requires enabling ExpandCSIVolumes feature gate. 226 // This field is optional, and may be empty if no secret is required. If the 227 // secret object contains more than one secret, all secrets are passed. 228 // +optional 229 optional SecretReference controllerExpandSecretRef = 9; 230} 231 232// Represents a source location of a volume to mount, managed by an external CSI driver 233message CSIVolumeSource { 234 // Driver is the name of the CSI driver that handles this volume. 235 // Consult with your admin for the correct name as registered in the cluster. 236 optional string driver = 1; 237 238 // Specifies a read-only configuration for the volume. 239 // Defaults to false (read/write). 240 // +optional 241 optional bool readOnly = 2; 242 243 // Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". 244 // If not provided, the empty value is passed to the associated CSI driver 245 // which will determine the default filesystem to apply. 246 // +optional 247 optional string fsType = 3; 248 249 // VolumeAttributes stores driver-specific properties that are passed to the CSI 250 // driver. Consult your driver's documentation for supported values. 251 // +optional 252 map<string, string> volumeAttributes = 4; 253 254 // NodePublishSecretRef is a reference to the secret object containing 255 // sensitive information to pass to the CSI driver to complete the CSI 256 // NodePublishVolume and NodeUnpublishVolume calls. 257 // This field is optional, and may be empty if no secret is required. If the 258 // secret object contains more than one secret, all secret references are passed. 259 // +optional 260 optional LocalObjectReference nodePublishSecretRef = 5; 261} 262 263// Adds and removes POSIX capabilities from running containers. 264message Capabilities { 265 // Added capabilities 266 // +optional 267 repeated string add = 1; 268 269 // Removed capabilities 270 // +optional 271 repeated string drop = 2; 272} 273 274// Represents a Ceph Filesystem mount that lasts the lifetime of a pod 275// Cephfs volumes do not support ownership management or SELinux relabeling. 276message CephFSPersistentVolumeSource { 277 // Required: Monitors is a collection of Ceph monitors 278 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 279 repeated string monitors = 1; 280 281 // Optional: Used as the mounted root, rather than the full Ceph tree, default is / 282 // +optional 283 optional string path = 2; 284 285 // Optional: User is the rados user name, default is admin 286 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 287 // +optional 288 optional string user = 3; 289 290 // Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret 291 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 292 // +optional 293 optional string secretFile = 4; 294 295 // Optional: SecretRef is reference to the authentication secret for User, default is empty. 296 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 297 // +optional 298 optional SecretReference secretRef = 5; 299 300 // Optional: Defaults to false (read/write). ReadOnly here will force 301 // the ReadOnly setting in VolumeMounts. 302 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 303 // +optional 304 optional bool readOnly = 6; 305} 306 307// Represents a Ceph Filesystem mount that lasts the lifetime of a pod 308// Cephfs volumes do not support ownership management or SELinux relabeling. 309message CephFSVolumeSource { 310 // Required: Monitors is a collection of Ceph monitors 311 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 312 repeated string monitors = 1; 313 314 // Optional: Used as the mounted root, rather than the full Ceph tree, default is / 315 // +optional 316 optional string path = 2; 317 318 // Optional: User is the rados user name, default is admin 319 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 320 // +optional 321 optional string user = 3; 322 323 // Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret 324 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 325 // +optional 326 optional string secretFile = 4; 327 328 // Optional: SecretRef is reference to the authentication secret for User, default is empty. 329 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 330 // +optional 331 optional LocalObjectReference secretRef = 5; 332 333 // Optional: Defaults to false (read/write). ReadOnly here will force 334 // the ReadOnly setting in VolumeMounts. 335 // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 336 // +optional 337 optional bool readOnly = 6; 338} 339 340// Represents a cinder volume resource in Openstack. 341// A Cinder volume must exist before mounting to a container. 342// The volume must also be in the same region as the kubelet. 343// Cinder volumes support ownership management and SELinux relabeling. 344message CinderPersistentVolumeSource { 345 // volume id used to identify the volume in cinder. 346 // More info: https://examples.k8s.io/mysql-cinder-pd/README.md 347 optional string volumeID = 1; 348 349 // Filesystem type to mount. 350 // Must be a filesystem type supported by the host operating system. 351 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 352 // More info: https://examples.k8s.io/mysql-cinder-pd/README.md 353 // +optional 354 optional string fsType = 2; 355 356 // Optional: Defaults to false (read/write). ReadOnly here will force 357 // the ReadOnly setting in VolumeMounts. 358 // More info: https://examples.k8s.io/mysql-cinder-pd/README.md 359 // +optional 360 optional bool readOnly = 3; 361 362 // Optional: points to a secret object containing parameters used to connect 363 // to OpenStack. 364 // +optional 365 optional SecretReference secretRef = 4; 366} 367 368// Represents a cinder volume resource in Openstack. 369// A Cinder volume must exist before mounting to a container. 370// The volume must also be in the same region as the kubelet. 371// Cinder volumes support ownership management and SELinux relabeling. 372message CinderVolumeSource { 373 // volume id used to identify the volume in cinder. 374 // More info: https://examples.k8s.io/mysql-cinder-pd/README.md 375 optional string volumeID = 1; 376 377 // Filesystem type to mount. 378 // Must be a filesystem type supported by the host operating system. 379 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 380 // More info: https://examples.k8s.io/mysql-cinder-pd/README.md 381 // +optional 382 optional string fsType = 2; 383 384 // Optional: Defaults to false (read/write). ReadOnly here will force 385 // the ReadOnly setting in VolumeMounts. 386 // More info: https://examples.k8s.io/mysql-cinder-pd/README.md 387 // +optional 388 optional bool readOnly = 3; 389 390 // Optional: points to a secret object containing parameters used to connect 391 // to OpenStack. 392 // +optional 393 optional LocalObjectReference secretRef = 4; 394} 395 396// ClientIPConfig represents the configurations of Client IP based session affinity. 397message ClientIPConfig { 398 // timeoutSeconds specifies the seconds of ClientIP type session sticky time. 399 // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". 400 // Default value is 10800(for 3 hours). 401 // +optional 402 optional int32 timeoutSeconds = 1; 403} 404 405// Information about the condition of a component. 406message ComponentCondition { 407 // Type of condition for a component. 408 // Valid value: "Healthy" 409 optional string type = 1; 410 411 // Status of the condition for a component. 412 // Valid values for "Healthy": "True", "False", or "Unknown". 413 optional string status = 2; 414 415 // Message about the condition for a component. 416 // For example, information about a health check. 417 // +optional 418 optional string message = 3; 419 420 // Condition error code for a component. 421 // For example, a health check error code. 422 // +optional 423 optional string error = 4; 424} 425 426// ComponentStatus (and ComponentStatusList) holds the cluster validation info. 427message ComponentStatus { 428 // Standard object's metadata. 429 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 430 // +optional 431 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 432 433 // List of component conditions observed 434 // +optional 435 // +patchMergeKey=type 436 // +patchStrategy=merge 437 repeated ComponentCondition conditions = 2; 438} 439 440// Status of all the conditions for the component as a list of ComponentStatus objects. 441message ComponentStatusList { 442 // Standard list metadata. 443 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 444 // +optional 445 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 446 447 // List of ComponentStatus objects. 448 repeated ComponentStatus items = 2; 449} 450 451// ConfigMap holds configuration data for pods to consume. 452message ConfigMap { 453 // Standard object's metadata. 454 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 455 // +optional 456 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 457 458 // Immutable, if set to true, ensures that data stored in the ConfigMap cannot 459 // be updated (only object metadata can be modified). 460 // If not set to true, the field can be modified at any time. 461 // Defaulted to nil. 462 // This is an alpha field enabled by ImmutableEphemeralVolumes feature gate. 463 // +optional 464 optional bool immutable = 4; 465 466 // Data contains the configuration data. 467 // Each key must consist of alphanumeric characters, '-', '_' or '.'. 468 // Values with non-UTF-8 byte sequences must use the BinaryData field. 469 // The keys stored in Data must not overlap with the keys in 470 // the BinaryData field, this is enforced during validation process. 471 // +optional 472 map<string, string> data = 2; 473 474 // BinaryData contains the binary data. 475 // Each key must consist of alphanumeric characters, '-', '_' or '.'. 476 // BinaryData can contain byte sequences that are not in the UTF-8 range. 477 // The keys stored in BinaryData must not overlap with the ones in 478 // the Data field, this is enforced during validation process. 479 // Using this field will require 1.10+ apiserver and 480 // kubelet. 481 // +optional 482 map<string, bytes> binaryData = 3; 483} 484 485// ConfigMapEnvSource selects a ConfigMap to populate the environment 486// variables with. 487// 488// The contents of the target ConfigMap's Data field will represent the 489// key-value pairs as environment variables. 490message ConfigMapEnvSource { 491 // The ConfigMap to select from. 492 optional LocalObjectReference localObjectReference = 1; 493 494 // Specify whether the ConfigMap must be defined 495 // +optional 496 optional bool optional = 2; 497} 498 499// Selects a key from a ConfigMap. 500message ConfigMapKeySelector { 501 // The ConfigMap to select from. 502 optional LocalObjectReference localObjectReference = 1; 503 504 // The key to select. 505 optional string key = 2; 506 507 // Specify whether the ConfigMap or its key must be defined 508 // +optional 509 optional bool optional = 3; 510} 511 512// ConfigMapList is a resource containing a list of ConfigMap objects. 513message ConfigMapList { 514 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 515 // +optional 516 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 517 518 // Items is the list of ConfigMaps. 519 repeated ConfigMap items = 2; 520} 521 522// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. 523message ConfigMapNodeConfigSource { 524 // Namespace is the metadata.namespace of the referenced ConfigMap. 525 // This field is required in all cases. 526 optional string namespace = 1; 527 528 // Name is the metadata.name of the referenced ConfigMap. 529 // This field is required in all cases. 530 optional string name = 2; 531 532 // UID is the metadata.UID of the referenced ConfigMap. 533 // This field is forbidden in Node.Spec, and required in Node.Status. 534 // +optional 535 optional string uid = 3; 536 537 // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. 538 // This field is forbidden in Node.Spec, and required in Node.Status. 539 // +optional 540 optional string resourceVersion = 4; 541 542 // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure 543 // This field is required in all cases. 544 optional string kubeletConfigKey = 5; 545} 546 547// Adapts a ConfigMap into a projected volume. 548// 549// The contents of the target ConfigMap's Data field will be presented in a 550// projected volume as files using the keys in the Data field as the file names, 551// unless the items element is populated with specific mappings of keys to paths. 552// Note that this is identical to a configmap volume source without the default 553// mode. 554message ConfigMapProjection { 555 optional LocalObjectReference localObjectReference = 1; 556 557 // If unspecified, each key-value pair in the Data field of the referenced 558 // ConfigMap will be projected into the volume as a file whose name is the 559 // key and content is the value. If specified, the listed keys will be 560 // projected into the specified paths, and unlisted keys will not be 561 // present. If a key is specified which is not present in the ConfigMap, 562 // the volume setup will error unless it is marked optional. Paths must be 563 // relative and may not contain the '..' path or start with '..'. 564 // +optional 565 repeated KeyToPath items = 2; 566 567 // Specify whether the ConfigMap or its keys must be defined 568 // +optional 569 optional bool optional = 4; 570} 571 572// Adapts a ConfigMap into a volume. 573// 574// The contents of the target ConfigMap's Data field will be presented in a 575// volume as files using the keys in the Data field as the file names, unless 576// the items element is populated with specific mappings of keys to paths. 577// ConfigMap volumes support ownership management and SELinux relabeling. 578message ConfigMapVolumeSource { 579 optional LocalObjectReference localObjectReference = 1; 580 581 // If unspecified, each key-value pair in the Data field of the referenced 582 // ConfigMap will be projected into the volume as a file whose name is the 583 // key and content is the value. If specified, the listed keys will be 584 // projected into the specified paths, and unlisted keys will not be 585 // present. If a key is specified which is not present in the ConfigMap, 586 // the volume setup will error unless it is marked optional. Paths must be 587 // relative and may not contain the '..' path or start with '..'. 588 // +optional 589 repeated KeyToPath items = 2; 590 591 // Optional: mode bits to use on created files by default. Must be a 592 // value between 0 and 0777. Defaults to 0644. 593 // Directories within the path are not affected by this setting. 594 // This might be in conflict with other options that affect the file 595 // mode, like fsGroup, and the result can be other mode bits set. 596 // +optional 597 optional int32 defaultMode = 3; 598 599 // Specify whether the ConfigMap or its keys must be defined 600 // +optional 601 optional bool optional = 4; 602} 603 604// A single application container that you want to run within a pod. 605message Container { 606 // Name of the container specified as a DNS_LABEL. 607 // Each container in a pod must have a unique name (DNS_LABEL). 608 // Cannot be updated. 609 optional string name = 1; 610 611 // Docker image name. 612 // More info: https://kubernetes.io/docs/concepts/containers/images 613 // This field is optional to allow higher level config management to default or override 614 // container images in workload controllers like Deployments and StatefulSets. 615 // +optional 616 optional string image = 2; 617 618 // Entrypoint array. Not executed within a shell. 619 // The docker image's ENTRYPOINT is used if this is not provided. 620 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 621 // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax 622 // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, 623 // regardless of whether the variable exists or not. 624 // Cannot be updated. 625 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 626 // +optional 627 repeated string command = 3; 628 629 // Arguments to the entrypoint. 630 // The docker image's CMD is used if this is not provided. 631 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 632 // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax 633 // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, 634 // regardless of whether the variable exists or not. 635 // Cannot be updated. 636 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 637 // +optional 638 repeated string args = 4; 639 640 // Container's working directory. 641 // If not specified, the container runtime's default will be used, which 642 // might be configured in the container image. 643 // Cannot be updated. 644 // +optional 645 optional string workingDir = 5; 646 647 // List of ports to expose from the container. Exposing a port here gives 648 // the system additional information about the network connections a 649 // container uses, but is primarily informational. Not specifying a port here 650 // DOES NOT prevent that port from being exposed. Any port which is 651 // listening on the default "0.0.0.0" address inside a container will be 652 // accessible from the network. 653 // Cannot be updated. 654 // +optional 655 // +patchMergeKey=containerPort 656 // +patchStrategy=merge 657 // +listType=map 658 // +listMapKey=containerPort 659 // +listMapKey=protocol 660 repeated ContainerPort ports = 6; 661 662 // List of sources to populate environment variables in the container. 663 // The keys defined within a source must be a C_IDENTIFIER. All invalid keys 664 // will be reported as an event when the container is starting. When a key exists in multiple 665 // sources, the value associated with the last source will take precedence. 666 // Values defined by an Env with a duplicate key will take precedence. 667 // Cannot be updated. 668 // +optional 669 repeated EnvFromSource envFrom = 19; 670 671 // List of environment variables to set in the container. 672 // Cannot be updated. 673 // +optional 674 // +patchMergeKey=name 675 // +patchStrategy=merge 676 repeated EnvVar env = 7; 677 678 // Compute Resources required by this container. 679 // Cannot be updated. 680 // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ 681 // +optional 682 optional ResourceRequirements resources = 8; 683 684 // Pod volumes to mount into the container's filesystem. 685 // Cannot be updated. 686 // +optional 687 // +patchMergeKey=mountPath 688 // +patchStrategy=merge 689 repeated VolumeMount volumeMounts = 9; 690 691 // volumeDevices is the list of block devices to be used by the container. 692 // +patchMergeKey=devicePath 693 // +patchStrategy=merge 694 // +optional 695 repeated VolumeDevice volumeDevices = 21; 696 697 // Periodic probe of container liveness. 698 // Container will be restarted if the probe fails. 699 // Cannot be updated. 700 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 701 // +optional 702 optional Probe livenessProbe = 10; 703 704 // Periodic probe of container service readiness. 705 // Container will be removed from service endpoints if the probe fails. 706 // Cannot be updated. 707 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 708 // +optional 709 optional Probe readinessProbe = 11; 710 711 // StartupProbe indicates that the Pod has successfully initialized. 712 // If specified, no other probes are executed until this completes successfully. 713 // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 714 // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, 715 // when it might take a long time to load data or warm a cache, than during steady-state operation. 716 // This cannot be updated. 717 // This is a beta feature enabled by the StartupProbe feature flag. 718 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 719 // +optional 720 optional Probe startupProbe = 22; 721 722 // Actions that the management system should take in response to container lifecycle events. 723 // Cannot be updated. 724 // +optional 725 optional Lifecycle lifecycle = 12; 726 727 // Optional: Path at which the file to which the container's termination message 728 // will be written is mounted into the container's filesystem. 729 // Message written is intended to be brief final status, such as an assertion failure message. 730 // Will be truncated by the node if greater than 4096 bytes. The total message length across 731 // all containers will be limited to 12kb. 732 // Defaults to /dev/termination-log. 733 // Cannot be updated. 734 // +optional 735 optional string terminationMessagePath = 13; 736 737 // Indicate how the termination message should be populated. File will use the contents of 738 // terminationMessagePath to populate the container status message on both success and failure. 739 // FallbackToLogsOnError will use the last chunk of container log output if the termination 740 // message file is empty and the container exited with an error. 741 // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 742 // Defaults to File. 743 // Cannot be updated. 744 // +optional 745 optional string terminationMessagePolicy = 20; 746 747 // Image pull policy. 748 // One of Always, Never, IfNotPresent. 749 // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 750 // Cannot be updated. 751 // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 752 // +optional 753 optional string imagePullPolicy = 14; 754 755 // Security options the pod should run with. 756 // More info: https://kubernetes.io/docs/concepts/policy/security-context/ 757 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 758 // +optional 759 optional SecurityContext securityContext = 15; 760 761 // Whether this container should allocate a buffer for stdin in the container runtime. If this 762 // is not set, reads from stdin in the container will always result in EOF. 763 // Default is false. 764 // +optional 765 optional bool stdin = 16; 766 767 // Whether the container runtime should close the stdin channel after it has been opened by 768 // a single attach. When stdin is true the stdin stream will remain open across multiple attach 769 // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 770 // first client attaches to stdin, and then remains open and accepts data until the client disconnects, 771 // at which time stdin is closed and remains closed until the container is restarted. If this 772 // flag is false, a container processes that reads from stdin will never receive an EOF. 773 // Default is false 774 // +optional 775 optional bool stdinOnce = 17; 776 777 // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 778 // Default is false. 779 // +optional 780 optional bool tty = 18; 781} 782 783// Describe a container image 784message ContainerImage { 785 // Names by which this image is known. 786 // e.g. ["k8s.gcr.io/hyperkube:v1.0.7", "dockerhub.io/google_containers/hyperkube:v1.0.7"] 787 repeated string names = 1; 788 789 // The size of the image in bytes. 790 // +optional 791 optional int64 sizeBytes = 2; 792} 793 794// ContainerPort represents a network port in a single container. 795message ContainerPort { 796 // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 797 // named port in a pod must have a unique name. Name for the port that can be 798 // referred to by services. 799 // +optional 800 optional string name = 1; 801 802 // Number of port to expose on the host. 803 // If specified, this must be a valid port number, 0 < x < 65536. 804 // If HostNetwork is specified, this must match ContainerPort. 805 // Most containers do not need this. 806 // +optional 807 optional int32 hostPort = 2; 808 809 // Number of port to expose on the pod's IP address. 810 // This must be a valid port number, 0 < x < 65536. 811 optional int32 containerPort = 3; 812 813 // Protocol for port. Must be UDP, TCP, or SCTP. 814 // Defaults to "TCP". 815 // +optional 816 optional string protocol = 4; 817 818 // What host IP to bind the external port to. 819 // +optional 820 optional string hostIP = 5; 821} 822 823// ContainerState holds a possible state of container. 824// Only one of its members may be specified. 825// If none of them is specified, the default one is ContainerStateWaiting. 826message ContainerState { 827 // Details about a waiting container 828 // +optional 829 optional ContainerStateWaiting waiting = 1; 830 831 // Details about a running container 832 // +optional 833 optional ContainerStateRunning running = 2; 834 835 // Details about a terminated container 836 // +optional 837 optional ContainerStateTerminated terminated = 3; 838} 839 840// ContainerStateRunning is a running state of a container. 841message ContainerStateRunning { 842 // Time at which the container was last (re-)started 843 // +optional 844 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 1; 845} 846 847// ContainerStateTerminated is a terminated state of a container. 848message ContainerStateTerminated { 849 // Exit status from the last termination of the container 850 optional int32 exitCode = 1; 851 852 // Signal from the last termination of the container 853 // +optional 854 optional int32 signal = 2; 855 856 // (brief) reason from the last termination of the container 857 // +optional 858 optional string reason = 3; 859 860 // Message regarding the last termination of the container 861 // +optional 862 optional string message = 4; 863 864 // Time at which previous execution of the container started 865 // +optional 866 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 5; 867 868 // Time at which the container last terminated 869 // +optional 870 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 6; 871 872 // Container's ID in the format 'docker://<container_id>' 873 // +optional 874 optional string containerID = 7; 875} 876 877// ContainerStateWaiting is a waiting state of a container. 878message ContainerStateWaiting { 879 // (brief) reason the container is not yet running. 880 // +optional 881 optional string reason = 1; 882 883 // Message regarding why the container is not yet running. 884 // +optional 885 optional string message = 2; 886} 887 888// ContainerStatus contains details for the current status of this container. 889message ContainerStatus { 890 // This must be a DNS_LABEL. Each container in a pod must have a unique name. 891 // Cannot be updated. 892 optional string name = 1; 893 894 // Details about the container's current condition. 895 // +optional 896 optional ContainerState state = 2; 897 898 // Details about the container's last termination condition. 899 // +optional 900 optional ContainerState lastState = 3; 901 902 // Specifies whether the container has passed its readiness probe. 903 optional bool ready = 4; 904 905 // The number of times the container has been restarted, currently based on 906 // the number of dead containers that have not yet been removed. 907 // Note that this is calculated from dead containers. But those containers are subject to 908 // garbage collection. This value will get capped at 5 by GC. 909 optional int32 restartCount = 5; 910 911 // The image the container is running. 912 // More info: https://kubernetes.io/docs/concepts/containers/images 913 // TODO(dchen1107): Which image the container is running with? 914 optional string image = 6; 915 916 // ImageID of the container's image. 917 optional string imageID = 7; 918 919 // Container's ID in the format 'docker://<container_id>'. 920 // +optional 921 optional string containerID = 8; 922 923 // Specifies whether the container has passed its startup probe. 924 // Initialized as false, becomes true after startupProbe is considered successful. 925 // Resets to false when the container is restarted, or if kubelet loses state temporarily. 926 // Is always true when no startupProbe is defined. 927 // +optional 928 optional bool started = 9; 929} 930 931// DaemonEndpoint contains information about a single Daemon endpoint. 932message DaemonEndpoint { 933 // Port number of the given endpoint. 934 optional int32 Port = 1; 935} 936 937// Represents downward API info for projecting into a projected volume. 938// Note that this is identical to a downwardAPI volume source without the default 939// mode. 940message DownwardAPIProjection { 941 // Items is a list of DownwardAPIVolume file 942 // +optional 943 repeated DownwardAPIVolumeFile items = 1; 944} 945 946// DownwardAPIVolumeFile represents information to create the file containing the pod field 947message DownwardAPIVolumeFile { 948 // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' 949 optional string path = 1; 950 951 // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. 952 // +optional 953 optional ObjectFieldSelector fieldRef = 2; 954 955 // Selects a resource of the container: only resources limits and requests 956 // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 957 // +optional 958 optional ResourceFieldSelector resourceFieldRef = 3; 959 960 // Optional: mode bits to use on this file, must be a value between 0 961 // and 0777. If not specified, the volume defaultMode will be used. 962 // This might be in conflict with other options that affect the file 963 // mode, like fsGroup, and the result can be other mode bits set. 964 // +optional 965 optional int32 mode = 4; 966} 967 968// DownwardAPIVolumeSource represents a volume containing downward API info. 969// Downward API volumes support ownership management and SELinux relabeling. 970message DownwardAPIVolumeSource { 971 // Items is a list of downward API volume file 972 // +optional 973 repeated DownwardAPIVolumeFile items = 1; 974 975 // Optional: mode bits to use on created files by default. Must be a 976 // value between 0 and 0777. Defaults to 0644. 977 // Directories within the path are not affected by this setting. 978 // This might be in conflict with other options that affect the file 979 // mode, like fsGroup, and the result can be other mode bits set. 980 // +optional 981 optional int32 defaultMode = 2; 982} 983 984// Represents an empty directory for a pod. 985// Empty directory volumes support ownership management and SELinux relabeling. 986message EmptyDirVolumeSource { 987 // What type of storage medium should back this directory. 988 // The default is "" which means to use the node's default medium. 989 // Must be an empty string (default) or Memory. 990 // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 991 // +optional 992 optional string medium = 1; 993 994 // Total amount of local storage required for this EmptyDir volume. 995 // The size limit is also applicable for memory medium. 996 // The maximum usage on memory medium EmptyDir would be the minimum value between 997 // the SizeLimit specified here and the sum of memory limits of all containers in a pod. 998 // The default is nil which means that the limit is undefined. 999 // More info: http://kubernetes.io/docs/user-guide/volumes#emptydir 1000 // +optional 1001 optional k8s.io.apimachinery.pkg.api.resource.Quantity sizeLimit = 2; 1002} 1003 1004// EndpointAddress is a tuple that describes single IP address. 1005message EndpointAddress { 1006 // The IP of this endpoint. 1007 // May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), 1008 // or link-local multicast ((224.0.0.0/24). 1009 // IPv6 is also accepted but not fully supported on all platforms. Also, certain 1010 // kubernetes components, like kube-proxy, are not IPv6 ready. 1011 // TODO: This should allow hostname or IP, See #4447. 1012 optional string ip = 1; 1013 1014 // The Hostname of this endpoint 1015 // +optional 1016 optional string hostname = 3; 1017 1018 // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. 1019 // +optional 1020 optional string nodeName = 4; 1021 1022 // Reference to object providing the endpoint. 1023 // +optional 1024 optional ObjectReference targetRef = 2; 1025} 1026 1027// EndpointPort is a tuple that describes a single port. 1028message EndpointPort { 1029 // The name of this port. This must match the 'name' field in the 1030 // corresponding ServicePort. 1031 // Must be a DNS_LABEL. 1032 // Optional only if one port is defined. 1033 // +optional 1034 optional string name = 1; 1035 1036 // The port number of the endpoint. 1037 optional int32 port = 2; 1038 1039 // The IP protocol for this port. 1040 // Must be UDP, TCP, or SCTP. 1041 // Default is TCP. 1042 // +optional 1043 optional string protocol = 3; 1044 1045 // The application protocol for this port. 1046 // This field follows standard Kubernetes label syntax. 1047 // Un-prefixed names are reserved for IANA standard service names (as per 1048 // RFC-6335 and http://www.iana.org/assignments/service-names). 1049 // Non-standard protocols should use prefixed names such as 1050 // mycompany.com/my-custom-protocol. 1051 // Field can be enabled with ServiceAppProtocol feature gate. 1052 // +optional 1053 optional string appProtocol = 4; 1054} 1055 1056// EndpointSubset is a group of addresses with a common set of ports. The 1057// expanded set of endpoints is the Cartesian product of Addresses x Ports. 1058// For example, given: 1059// { 1060// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], 1061// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] 1062// } 1063// The resulting set of endpoints can be viewed as: 1064// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], 1065// b: [ 10.10.1.1:309, 10.10.2.2:309 ] 1066message EndpointSubset { 1067 // IP addresses which offer the related ports that are marked as ready. These endpoints 1068 // should be considered safe for load balancers and clients to utilize. 1069 // +optional 1070 repeated EndpointAddress addresses = 1; 1071 1072 // IP addresses which offer the related ports but are not currently marked as ready 1073 // because they have not yet finished starting, have recently failed a readiness check, 1074 // or have recently failed a liveness check. 1075 // +optional 1076 repeated EndpointAddress notReadyAddresses = 2; 1077 1078 // Port numbers available on the related IP addresses. 1079 // +optional 1080 repeated EndpointPort ports = 3; 1081} 1082 1083// Endpoints is a collection of endpoints that implement the actual service. Example: 1084// Name: "mysvc", 1085// Subsets: [ 1086// { 1087// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], 1088// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] 1089// }, 1090// { 1091// Addresses: [{"ip": "10.10.3.3"}], 1092// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] 1093// }, 1094// ] 1095message Endpoints { 1096 // Standard object's metadata. 1097 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 1098 // +optional 1099 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1100 1101 // The set of all endpoints is the union of all subsets. Addresses are placed into 1102 // subsets according to the IPs they share. A single address with multiple ports, 1103 // some of which are ready and some of which are not (because they come from 1104 // different containers) will result in the address being displayed in different 1105 // subsets for the different ports. No address will appear in both Addresses and 1106 // NotReadyAddresses in the same subset. 1107 // Sets of addresses and ports that comprise a service. 1108 // +optional 1109 repeated EndpointSubset subsets = 2; 1110} 1111 1112// EndpointsList is a list of endpoints. 1113message EndpointsList { 1114 // Standard list metadata. 1115 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1116 // +optional 1117 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1118 1119 // List of endpoints. 1120 repeated Endpoints items = 2; 1121} 1122 1123// EnvFromSource represents the source of a set of ConfigMaps 1124message EnvFromSource { 1125 // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 1126 // +optional 1127 optional string prefix = 1; 1128 1129 // The ConfigMap to select from 1130 // +optional 1131 optional ConfigMapEnvSource configMapRef = 2; 1132 1133 // The Secret to select from 1134 // +optional 1135 optional SecretEnvSource secretRef = 3; 1136} 1137 1138// EnvVar represents an environment variable present in a Container. 1139message EnvVar { 1140 // Name of the environment variable. Must be a C_IDENTIFIER. 1141 optional string name = 1; 1142 1143 // Variable references $(VAR_NAME) are expanded 1144 // using the previous defined environment variables in the container and 1145 // any service environment variables. If a variable cannot be resolved, 1146 // the reference in the input string will be unchanged. The $(VAR_NAME) 1147 // syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped 1148 // references will never be expanded, regardless of whether the variable 1149 // exists or not. 1150 // Defaults to "". 1151 // +optional 1152 optional string value = 2; 1153 1154 // Source for the environment variable's value. Cannot be used if value is not empty. 1155 // +optional 1156 optional EnvVarSource valueFrom = 3; 1157} 1158 1159// EnvVarSource represents a source for the value of an EnvVar. 1160message EnvVarSource { 1161 // Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, 1162 // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 1163 // +optional 1164 optional ObjectFieldSelector fieldRef = 1; 1165 1166 // Selects a resource of the container: only resources limits and requests 1167 // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 1168 // +optional 1169 optional ResourceFieldSelector resourceFieldRef = 2; 1170 1171 // Selects a key of a ConfigMap. 1172 // +optional 1173 optional ConfigMapKeySelector configMapKeyRef = 3; 1174 1175 // Selects a key of a secret in the pod's namespace 1176 // +optional 1177 optional SecretKeySelector secretKeyRef = 4; 1178} 1179 1180// An EphemeralContainer is a container that may be added temporarily to an existing pod for 1181// user-initiated activities such as debugging. Ephemeral containers have no resource or 1182// scheduling guarantees, and they will not be restarted when they exit or when a pod is 1183// removed or restarted. If an ephemeral container causes a pod to exceed its resource 1184// allocation, the pod may be evicted. 1185// Ephemeral containers may not be added by directly updating the pod spec. They must be added 1186// via the pod's ephemeralcontainers subresource, and they will appear in the pod spec 1187// once added. 1188// This is an alpha feature enabled by the EphemeralContainers feature flag. 1189message EphemeralContainer { 1190 // Ephemeral containers have all of the fields of Container, plus additional fields 1191 // specific to ephemeral containers. Fields in common with Container are in the 1192 // following inlined struct so than an EphemeralContainer may easily be converted 1193 // to a Container. 1194 optional EphemeralContainerCommon ephemeralContainerCommon = 1; 1195 1196 // If set, the name of the container from PodSpec that this ephemeral container targets. 1197 // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. 1198 // If not set then the ephemeral container is run in whatever namespaces are shared 1199 // for the pod. Note that the container runtime must support this feature. 1200 // +optional 1201 optional string targetContainerName = 2; 1202} 1203 1204// EphemeralContainerCommon is a copy of all fields in Container to be inlined in 1205// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer 1206// to Container and allows separate documentation for the fields of EphemeralContainer. 1207// When a new field is added to Container it must be added here as well. 1208message EphemeralContainerCommon { 1209 // Name of the ephemeral container specified as a DNS_LABEL. 1210 // This name must be unique among all containers, init containers and ephemeral containers. 1211 optional string name = 1; 1212 1213 // Docker image name. 1214 // More info: https://kubernetes.io/docs/concepts/containers/images 1215 optional string image = 2; 1216 1217 // Entrypoint array. Not executed within a shell. 1218 // The docker image's ENTRYPOINT is used if this is not provided. 1219 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 1220 // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax 1221 // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, 1222 // regardless of whether the variable exists or not. 1223 // Cannot be updated. 1224 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 1225 // +optional 1226 repeated string command = 3; 1227 1228 // Arguments to the entrypoint. 1229 // The docker image's CMD is used if this is not provided. 1230 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 1231 // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax 1232 // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, 1233 // regardless of whether the variable exists or not. 1234 // Cannot be updated. 1235 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 1236 // +optional 1237 repeated string args = 4; 1238 1239 // Container's working directory. 1240 // If not specified, the container runtime's default will be used, which 1241 // might be configured in the container image. 1242 // Cannot be updated. 1243 // +optional 1244 optional string workingDir = 5; 1245 1246 // Ports are not allowed for ephemeral containers. 1247 repeated ContainerPort ports = 6; 1248 1249 // List of sources to populate environment variables in the container. 1250 // The keys defined within a source must be a C_IDENTIFIER. All invalid keys 1251 // will be reported as an event when the container is starting. When a key exists in multiple 1252 // sources, the value associated with the last source will take precedence. 1253 // Values defined by an Env with a duplicate key will take precedence. 1254 // Cannot be updated. 1255 // +optional 1256 repeated EnvFromSource envFrom = 19; 1257 1258 // List of environment variables to set in the container. 1259 // Cannot be updated. 1260 // +optional 1261 // +patchMergeKey=name 1262 // +patchStrategy=merge 1263 repeated EnvVar env = 7; 1264 1265 // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources 1266 // already allocated to the pod. 1267 // +optional 1268 optional ResourceRequirements resources = 8; 1269 1270 // Pod volumes to mount into the container's filesystem. 1271 // Cannot be updated. 1272 // +optional 1273 // +patchMergeKey=mountPath 1274 // +patchStrategy=merge 1275 repeated VolumeMount volumeMounts = 9; 1276 1277 // volumeDevices is the list of block devices to be used by the container. 1278 // +patchMergeKey=devicePath 1279 // +patchStrategy=merge 1280 // +optional 1281 repeated VolumeDevice volumeDevices = 21; 1282 1283 // Probes are not allowed for ephemeral containers. 1284 // +optional 1285 optional Probe livenessProbe = 10; 1286 1287 // Probes are not allowed for ephemeral containers. 1288 // +optional 1289 optional Probe readinessProbe = 11; 1290 1291 // Probes are not allowed for ephemeral containers. 1292 // +optional 1293 optional Probe startupProbe = 22; 1294 1295 // Lifecycle is not allowed for ephemeral containers. 1296 // +optional 1297 optional Lifecycle lifecycle = 12; 1298 1299 // Optional: Path at which the file to which the container's termination message 1300 // will be written is mounted into the container's filesystem. 1301 // Message written is intended to be brief final status, such as an assertion failure message. 1302 // Will be truncated by the node if greater than 4096 bytes. The total message length across 1303 // all containers will be limited to 12kb. 1304 // Defaults to /dev/termination-log. 1305 // Cannot be updated. 1306 // +optional 1307 optional string terminationMessagePath = 13; 1308 1309 // Indicate how the termination message should be populated. File will use the contents of 1310 // terminationMessagePath to populate the container status message on both success and failure. 1311 // FallbackToLogsOnError will use the last chunk of container log output if the termination 1312 // message file is empty and the container exited with an error. 1313 // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 1314 // Defaults to File. 1315 // Cannot be updated. 1316 // +optional 1317 optional string terminationMessagePolicy = 20; 1318 1319 // Image pull policy. 1320 // One of Always, Never, IfNotPresent. 1321 // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 1322 // Cannot be updated. 1323 // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 1324 // +optional 1325 optional string imagePullPolicy = 14; 1326 1327 // SecurityContext is not allowed for ephemeral containers. 1328 // +optional 1329 optional SecurityContext securityContext = 15; 1330 1331 // Whether this container should allocate a buffer for stdin in the container runtime. If this 1332 // is not set, reads from stdin in the container will always result in EOF. 1333 // Default is false. 1334 // +optional 1335 optional bool stdin = 16; 1336 1337 // Whether the container runtime should close the stdin channel after it has been opened by 1338 // a single attach. When stdin is true the stdin stream will remain open across multiple attach 1339 // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 1340 // first client attaches to stdin, and then remains open and accepts data until the client disconnects, 1341 // at which time stdin is closed and remains closed until the container is restarted. If this 1342 // flag is false, a container processes that reads from stdin will never receive an EOF. 1343 // Default is false 1344 // +optional 1345 optional bool stdinOnce = 17; 1346 1347 // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 1348 // Default is false. 1349 // +optional 1350 optional bool tty = 18; 1351} 1352 1353// A list of ephemeral containers used with the Pod ephemeralcontainers subresource. 1354message EphemeralContainers { 1355 // +optional 1356 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1357 1358 // A list of ephemeral containers associated with this pod. New ephemeral containers 1359 // may be appended to this list, but existing ephemeral containers may not be removed 1360 // or modified. 1361 // +patchMergeKey=name 1362 // +patchStrategy=merge 1363 repeated EphemeralContainer ephemeralContainers = 2; 1364} 1365 1366// Event is a report of an event somewhere in the cluster. 1367message Event { 1368 // Standard object's metadata. 1369 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 1370 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1371 1372 // The object that this event is about. 1373 optional ObjectReference involvedObject = 2; 1374 1375 // This should be a short, machine understandable string that gives the reason 1376 // for the transition into the object's current status. 1377 // TODO: provide exact specification for format. 1378 // +optional 1379 optional string reason = 3; 1380 1381 // A human-readable description of the status of this operation. 1382 // TODO: decide on maximum length. 1383 // +optional 1384 optional string message = 4; 1385 1386 // The component reporting this event. Should be a short machine understandable string. 1387 // +optional 1388 optional EventSource source = 5; 1389 1390 // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) 1391 // +optional 1392 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time firstTimestamp = 6; 1393 1394 // The time at which the most recent occurrence of this event was recorded. 1395 // +optional 1396 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTimestamp = 7; 1397 1398 // The number of times this event has occurred. 1399 // +optional 1400 optional int32 count = 8; 1401 1402 // Type of this event (Normal, Warning), new types could be added in the future 1403 // +optional 1404 optional string type = 9; 1405 1406 // Time when this Event was first observed. 1407 // +optional 1408 optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime eventTime = 10; 1409 1410 // Data about the Event series this event represents or nil if it's a singleton Event. 1411 // +optional 1412 optional EventSeries series = 11; 1413 1414 // What action was taken/failed regarding to the Regarding object. 1415 // +optional 1416 optional string action = 12; 1417 1418 // Optional secondary object for more complex actions. 1419 // +optional 1420 optional ObjectReference related = 13; 1421 1422 // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. 1423 // +optional 1424 optional string reportingComponent = 14; 1425 1426 // ID of the controller instance, e.g. `kubelet-xyzf`. 1427 // +optional 1428 optional string reportingInstance = 15; 1429} 1430 1431// EventList is a list of events. 1432message EventList { 1433 // Standard list metadata. 1434 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1435 // +optional 1436 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1437 1438 // List of events 1439 repeated Event items = 2; 1440} 1441 1442// EventSeries contain information on series of events, i.e. thing that was/is happening 1443// continuously for some time. 1444message EventSeries { 1445 // Number of occurrences in this series up to the last heartbeat time 1446 optional int32 count = 1; 1447 1448 // Time of the last occurrence observed 1449 optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime lastObservedTime = 2; 1450 1451 // State of this Series: Ongoing or Finished 1452 // Deprecated. Planned removal for 1.18 1453 optional string state = 3; 1454} 1455 1456// EventSource contains information for an event. 1457message EventSource { 1458 // Component from which the event is generated. 1459 // +optional 1460 optional string component = 1; 1461 1462 // Node name on which the event is generated. 1463 // +optional 1464 optional string host = 2; 1465} 1466 1467// ExecAction describes a "run in container" action. 1468message ExecAction { 1469 // Command is the command line to execute inside the container, the working directory for the 1470 // command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1471 // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1472 // a shell, you need to explicitly call out to that shell. 1473 // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1474 // +optional 1475 repeated string command = 1; 1476} 1477 1478// Represents a Fibre Channel volume. 1479// Fibre Channel volumes can only be mounted as read/write once. 1480// Fibre Channel volumes support ownership management and SELinux relabeling. 1481message FCVolumeSource { 1482 // Optional: FC target worldwide names (WWNs) 1483 // +optional 1484 repeated string targetWWNs = 1; 1485 1486 // Optional: FC target lun number 1487 // +optional 1488 optional int32 lun = 2; 1489 1490 // Filesystem type to mount. 1491 // Must be a filesystem type supported by the host operating system. 1492 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 1493 // TODO: how do we prevent errors in the filesystem from compromising the machine 1494 // +optional 1495 optional string fsType = 3; 1496 1497 // Optional: Defaults to false (read/write). ReadOnly here will force 1498 // the ReadOnly setting in VolumeMounts. 1499 // +optional 1500 optional bool readOnly = 4; 1501 1502 // Optional: FC volume world wide identifiers (wwids) 1503 // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 1504 // +optional 1505 repeated string wwids = 5; 1506} 1507 1508// FlexPersistentVolumeSource represents a generic persistent volume resource that is 1509// provisioned/attached using an exec based plugin. 1510message FlexPersistentVolumeSource { 1511 // Driver is the name of the driver to use for this volume. 1512 optional string driver = 1; 1513 1514 // Filesystem type to mount. 1515 // Must be a filesystem type supported by the host operating system. 1516 // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 1517 // +optional 1518 optional string fsType = 2; 1519 1520 // Optional: SecretRef is reference to the secret object containing 1521 // sensitive information to pass to the plugin scripts. This may be 1522 // empty if no secret object is specified. If the secret object 1523 // contains more than one secret, all secrets are passed to the plugin 1524 // scripts. 1525 // +optional 1526 optional SecretReference secretRef = 3; 1527 1528 // Optional: Defaults to false (read/write). ReadOnly here will force 1529 // the ReadOnly setting in VolumeMounts. 1530 // +optional 1531 optional bool readOnly = 4; 1532 1533 // Optional: Extra command options if any. 1534 // +optional 1535 map<string, string> options = 5; 1536} 1537 1538// FlexVolume represents a generic volume resource that is 1539// provisioned/attached using an exec based plugin. 1540message FlexVolumeSource { 1541 // Driver is the name of the driver to use for this volume. 1542 optional string driver = 1; 1543 1544 // Filesystem type to mount. 1545 // Must be a filesystem type supported by the host operating system. 1546 // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 1547 // +optional 1548 optional string fsType = 2; 1549 1550 // Optional: SecretRef is reference to the secret object containing 1551 // sensitive information to pass to the plugin scripts. This may be 1552 // empty if no secret object is specified. If the secret object 1553 // contains more than one secret, all secrets are passed to the plugin 1554 // scripts. 1555 // +optional 1556 optional LocalObjectReference secretRef = 3; 1557 1558 // Optional: Defaults to false (read/write). ReadOnly here will force 1559 // the ReadOnly setting in VolumeMounts. 1560 // +optional 1561 optional bool readOnly = 4; 1562 1563 // Optional: Extra command options if any. 1564 // +optional 1565 map<string, string> options = 5; 1566} 1567 1568// Represents a Flocker volume mounted by the Flocker agent. 1569// One and only one of datasetName and datasetUUID should be set. 1570// Flocker volumes do not support ownership management or SELinux relabeling. 1571message FlockerVolumeSource { 1572 // Name of the dataset stored as metadata -> name on the dataset for Flocker 1573 // should be considered as deprecated 1574 // +optional 1575 optional string datasetName = 1; 1576 1577 // UUID of the dataset. This is unique identifier of a Flocker dataset 1578 // +optional 1579 optional string datasetUUID = 2; 1580} 1581 1582// Represents a Persistent Disk resource in Google Compute Engine. 1583// 1584// A GCE PD must exist before mounting to a container. The disk must 1585// also be in the same GCE project and zone as the kubelet. A GCE PD 1586// can only be mounted as read/write once or read-only many times. GCE 1587// PDs support ownership management and SELinux relabeling. 1588message GCEPersistentDiskVolumeSource { 1589 // Unique name of the PD resource in GCE. Used to identify the disk in GCE. 1590 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 1591 optional string pdName = 1; 1592 1593 // Filesystem type of the volume that you want to mount. 1594 // Tip: Ensure that the filesystem type is supported by the host operating system. 1595 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 1596 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 1597 // TODO: how do we prevent errors in the filesystem from compromising the machine 1598 // +optional 1599 optional string fsType = 2; 1600 1601 // The partition in the volume that you want to mount. 1602 // If omitted, the default is to mount by volume name. 1603 // Examples: For volume /dev/sda1, you specify the partition as "1". 1604 // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 1605 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 1606 // +optional 1607 optional int32 partition = 3; 1608 1609 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 1610 // Defaults to false. 1611 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 1612 // +optional 1613 optional bool readOnly = 4; 1614} 1615 1616// Represents a volume that is populated with the contents of a git repository. 1617// Git repo volumes do not support ownership management. 1618// Git repo volumes support SELinux relabeling. 1619// 1620// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an 1621// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir 1622// into the Pod's container. 1623message GitRepoVolumeSource { 1624 // Repository URL 1625 optional string repository = 1; 1626 1627 // Commit hash for the specified revision. 1628 // +optional 1629 optional string revision = 2; 1630 1631 // Target directory name. 1632 // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the 1633 // git repository. Otherwise, if specified, the volume will contain the git repository in 1634 // the subdirectory with the given name. 1635 // +optional 1636 optional string directory = 3; 1637} 1638 1639// Represents a Glusterfs mount that lasts the lifetime of a pod. 1640// Glusterfs volumes do not support ownership management or SELinux relabeling. 1641message GlusterfsPersistentVolumeSource { 1642 // EndpointsName is the endpoint name that details Glusterfs topology. 1643 // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 1644 optional string endpoints = 1; 1645 1646 // Path is the Glusterfs volume path. 1647 // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 1648 optional string path = 2; 1649 1650 // ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. 1651 // Defaults to false. 1652 // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 1653 // +optional 1654 optional bool readOnly = 3; 1655 1656 // EndpointsNamespace is the namespace that contains Glusterfs endpoint. 1657 // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. 1658 // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 1659 // +optional 1660 optional string endpointsNamespace = 4; 1661} 1662 1663// Represents a Glusterfs mount that lasts the lifetime of a pod. 1664// Glusterfs volumes do not support ownership management or SELinux relabeling. 1665message GlusterfsVolumeSource { 1666 // EndpointsName is the endpoint name that details Glusterfs topology. 1667 // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 1668 optional string endpoints = 1; 1669 1670 // Path is the Glusterfs volume path. 1671 // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 1672 optional string path = 2; 1673 1674 // ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. 1675 // Defaults to false. 1676 // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 1677 // +optional 1678 optional bool readOnly = 3; 1679} 1680 1681// HTTPGetAction describes an action based on HTTP Get requests. 1682message HTTPGetAction { 1683 // Path to access on the HTTP server. 1684 // +optional 1685 optional string path = 1; 1686 1687 // Name or number of the port to access on the container. 1688 // Number must be in the range 1 to 65535. 1689 // Name must be an IANA_SVC_NAME. 1690 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2; 1691 1692 // Host name to connect to, defaults to the pod IP. You probably want to set 1693 // "Host" in httpHeaders instead. 1694 // +optional 1695 optional string host = 3; 1696 1697 // Scheme to use for connecting to the host. 1698 // Defaults to HTTP. 1699 // +optional 1700 optional string scheme = 4; 1701 1702 // Custom headers to set in the request. HTTP allows repeated headers. 1703 // +optional 1704 repeated HTTPHeader httpHeaders = 5; 1705} 1706 1707// HTTPHeader describes a custom header to be used in HTTP probes 1708message HTTPHeader { 1709 // The header field name 1710 optional string name = 1; 1711 1712 // The header field value 1713 optional string value = 2; 1714} 1715 1716// Handler defines a specific action that should be taken 1717// TODO: pass structured data to these actions, and document that data here. 1718message Handler { 1719 // One and only one of the following should be specified. 1720 // Exec specifies the action to take. 1721 // +optional 1722 optional ExecAction exec = 1; 1723 1724 // HTTPGet specifies the http request to perform. 1725 // +optional 1726 optional HTTPGetAction httpGet = 2; 1727 1728 // TCPSocket specifies an action involving a TCP port. 1729 // TCP hooks not yet supported 1730 // TODO: implement a realistic TCP lifecycle hook 1731 // +optional 1732 optional TCPSocketAction tcpSocket = 3; 1733} 1734 1735// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the 1736// pod's hosts file. 1737message HostAlias { 1738 // IP address of the host file entry. 1739 optional string ip = 1; 1740 1741 // Hostnames for the above IP address. 1742 repeated string hostnames = 2; 1743} 1744 1745// Represents a host path mapped into a pod. 1746// Host path volumes do not support ownership management or SELinux relabeling. 1747message HostPathVolumeSource { 1748 // Path of the directory on the host. 1749 // If the path is a symlink, it will follow the link to the real path. 1750 // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 1751 optional string path = 1; 1752 1753 // Type for HostPath Volume 1754 // Defaults to "" 1755 // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 1756 // +optional 1757 optional string type = 2; 1758} 1759 1760// ISCSIPersistentVolumeSource represents an ISCSI disk. 1761// ISCSI volumes can only be mounted as read/write once. 1762// ISCSI volumes support ownership management and SELinux relabeling. 1763message ISCSIPersistentVolumeSource { 1764 // iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port 1765 // is other than default (typically TCP ports 860 and 3260). 1766 optional string targetPortal = 1; 1767 1768 // Target iSCSI Qualified Name. 1769 optional string iqn = 2; 1770 1771 // iSCSI Target Lun number. 1772 optional int32 lun = 3; 1773 1774 // iSCSI Interface Name that uses an iSCSI transport. 1775 // Defaults to 'default' (tcp). 1776 // +optional 1777 optional string iscsiInterface = 4; 1778 1779 // Filesystem type of the volume that you want to mount. 1780 // Tip: Ensure that the filesystem type is supported by the host operating system. 1781 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 1782 // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 1783 // TODO: how do we prevent errors in the filesystem from compromising the machine 1784 // +optional 1785 optional string fsType = 5; 1786 1787 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 1788 // Defaults to false. 1789 // +optional 1790 optional bool readOnly = 6; 1791 1792 // iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port 1793 // is other than default (typically TCP ports 860 and 3260). 1794 // +optional 1795 repeated string portals = 7; 1796 1797 // whether support iSCSI Discovery CHAP authentication 1798 // +optional 1799 optional bool chapAuthDiscovery = 8; 1800 1801 // whether support iSCSI Session CHAP authentication 1802 // +optional 1803 optional bool chapAuthSession = 11; 1804 1805 // CHAP Secret for iSCSI target and initiator authentication 1806 // +optional 1807 optional SecretReference secretRef = 10; 1808 1809 // Custom iSCSI Initiator Name. 1810 // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface 1811 // <target portal>:<volume name> will be created for the connection. 1812 // +optional 1813 optional string initiatorName = 12; 1814} 1815 1816// Represents an ISCSI disk. 1817// ISCSI volumes can only be mounted as read/write once. 1818// ISCSI volumes support ownership management and SELinux relabeling. 1819message ISCSIVolumeSource { 1820 // iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port 1821 // is other than default (typically TCP ports 860 and 3260). 1822 optional string targetPortal = 1; 1823 1824 // Target iSCSI Qualified Name. 1825 optional string iqn = 2; 1826 1827 // iSCSI Target Lun number. 1828 optional int32 lun = 3; 1829 1830 // iSCSI Interface Name that uses an iSCSI transport. 1831 // Defaults to 'default' (tcp). 1832 // +optional 1833 optional string iscsiInterface = 4; 1834 1835 // Filesystem type of the volume that you want to mount. 1836 // Tip: Ensure that the filesystem type is supported by the host operating system. 1837 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 1838 // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 1839 // TODO: how do we prevent errors in the filesystem from compromising the machine 1840 // +optional 1841 optional string fsType = 5; 1842 1843 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 1844 // Defaults to false. 1845 // +optional 1846 optional bool readOnly = 6; 1847 1848 // iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port 1849 // is other than default (typically TCP ports 860 and 3260). 1850 // +optional 1851 repeated string portals = 7; 1852 1853 // whether support iSCSI Discovery CHAP authentication 1854 // +optional 1855 optional bool chapAuthDiscovery = 8; 1856 1857 // whether support iSCSI Session CHAP authentication 1858 // +optional 1859 optional bool chapAuthSession = 11; 1860 1861 // CHAP Secret for iSCSI target and initiator authentication 1862 // +optional 1863 optional LocalObjectReference secretRef = 10; 1864 1865 // Custom iSCSI Initiator Name. 1866 // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface 1867 // <target portal>:<volume name> will be created for the connection. 1868 // +optional 1869 optional string initiatorName = 12; 1870} 1871 1872// Maps a string key to a path within a volume. 1873message KeyToPath { 1874 // The key to project. 1875 optional string key = 1; 1876 1877 // The relative path of the file to map the key to. 1878 // May not be an absolute path. 1879 // May not contain the path element '..'. 1880 // May not start with the string '..'. 1881 optional string path = 2; 1882 1883 // Optional: mode bits to use on this file, must be a value between 0 1884 // and 0777. If not specified, the volume defaultMode will be used. 1885 // This might be in conflict with other options that affect the file 1886 // mode, like fsGroup, and the result can be other mode bits set. 1887 // +optional 1888 optional int32 mode = 3; 1889} 1890 1891// Lifecycle describes actions that the management system should take in response to container lifecycle 1892// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks 1893// until the action is complete, unless the container process fails, in which case the handler is aborted. 1894message Lifecycle { 1895 // PostStart is called immediately after a container is created. If the handler fails, 1896 // the container is terminated and restarted according to its restart policy. 1897 // Other management of the container blocks until the hook completes. 1898 // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1899 // +optional 1900 optional Handler postStart = 1; 1901 1902 // PreStop is called immediately before a container is terminated due to an 1903 // API request or management event such as liveness/startup probe failure, 1904 // preemption, resource contention, etc. The handler is not called if the 1905 // container crashes or exits. The reason for termination is passed to the 1906 // handler. The Pod's termination grace period countdown begins before the 1907 // PreStop hooked is executed. Regardless of the outcome of the handler, the 1908 // container will eventually terminate within the Pod's termination grace 1909 // period. Other management of the container blocks until the hook completes 1910 // or until the termination grace period is reached. 1911 // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1912 // +optional 1913 optional Handler preStop = 2; 1914} 1915 1916// LimitRange sets resource usage limits for each kind of resource in a Namespace. 1917message LimitRange { 1918 // Standard object's metadata. 1919 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 1920 // +optional 1921 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1922 1923 // Spec defines the limits enforced. 1924 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 1925 // +optional 1926 optional LimitRangeSpec spec = 2; 1927} 1928 1929// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. 1930message LimitRangeItem { 1931 // Type of resource that this limit applies to. 1932 optional string type = 1; 1933 1934 // Max usage constraints on this kind by resource name. 1935 // +optional 1936 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> max = 2; 1937 1938 // Min usage constraints on this kind by resource name. 1939 // +optional 1940 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> min = 3; 1941 1942 // Default resource requirement limit value by resource name if resource limit is omitted. 1943 // +optional 1944 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> default = 4; 1945 1946 // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. 1947 // +optional 1948 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> defaultRequest = 5; 1949 1950 // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. 1951 // +optional 1952 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> maxLimitRequestRatio = 6; 1953} 1954 1955// LimitRangeList is a list of LimitRange items. 1956message LimitRangeList { 1957 // Standard list metadata. 1958 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1959 // +optional 1960 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1961 1962 // Items is a list of LimitRange objects. 1963 // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ 1964 repeated LimitRange items = 2; 1965} 1966 1967// LimitRangeSpec defines a min/max usage limit for resources that match on kind. 1968message LimitRangeSpec { 1969 // Limits is the list of LimitRangeItem objects that are enforced. 1970 repeated LimitRangeItem limits = 1; 1971} 1972 1973// List holds a list of objects, which may not be known by the server. 1974message List { 1975 // Standard list metadata. 1976 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1977 // +optional 1978 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1979 1980 // List of objects 1981 repeated k8s.io.apimachinery.pkg.runtime.RawExtension items = 2; 1982} 1983 1984// LoadBalancerIngress represents the status of a load-balancer ingress point: 1985// traffic intended for the service should be sent to an ingress point. 1986message LoadBalancerIngress { 1987 // IP is set for load-balancer ingress points that are IP based 1988 // (typically GCE or OpenStack load-balancers) 1989 // +optional 1990 optional string ip = 1; 1991 1992 // Hostname is set for load-balancer ingress points that are DNS based 1993 // (typically AWS load-balancers) 1994 // +optional 1995 optional string hostname = 2; 1996} 1997 1998// LoadBalancerStatus represents the status of a load-balancer. 1999message LoadBalancerStatus { 2000 // Ingress is a list containing ingress points for the load-balancer. 2001 // Traffic intended for the service should be sent to these ingress points. 2002 // +optional 2003 repeated LoadBalancerIngress ingress = 1; 2004} 2005 2006// LocalObjectReference contains enough information to let you locate the 2007// referenced object inside the same namespace. 2008message LocalObjectReference { 2009 // Name of the referent. 2010 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2011 // TODO: Add other useful fields. apiVersion, kind, uid? 2012 // +optional 2013 optional string name = 1; 2014} 2015 2016// Local represents directly-attached storage with node affinity (Beta feature) 2017message LocalVolumeSource { 2018 // The full path to the volume on the node. 2019 // It can be either a directory or block device (disk, partition, ...). 2020 optional string path = 1; 2021 2022 // Filesystem type to mount. 2023 // It applies only when the Path is a block device. 2024 // Must be a filesystem type supported by the host operating system. 2025 // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a fileystem if unspecified. 2026 // +optional 2027 optional string fsType = 2; 2028} 2029 2030// Represents an NFS mount that lasts the lifetime of a pod. 2031// NFS volumes do not support ownership management or SELinux relabeling. 2032message NFSVolumeSource { 2033 // Server is the hostname or IP address of the NFS server. 2034 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 2035 optional string server = 1; 2036 2037 // Path that is exported by the NFS server. 2038 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 2039 optional string path = 2; 2040 2041 // ReadOnly here will force 2042 // the NFS export to be mounted with read-only permissions. 2043 // Defaults to false. 2044 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 2045 // +optional 2046 optional bool readOnly = 3; 2047} 2048 2049// Namespace provides a scope for Names. 2050// Use of multiple namespaces is optional. 2051message Namespace { 2052 // Standard object's metadata. 2053 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 2054 // +optional 2055 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 2056 2057 // Spec defines the behavior of the Namespace. 2058 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 2059 // +optional 2060 optional NamespaceSpec spec = 2; 2061 2062 // Status describes the current status of a Namespace. 2063 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 2064 // +optional 2065 optional NamespaceStatus status = 3; 2066} 2067 2068// NamespaceCondition contains details about state of namespace. 2069message NamespaceCondition { 2070 // Type of namespace controller condition. 2071 optional string type = 1; 2072 2073 // Status of the condition, one of True, False, Unknown. 2074 optional string status = 2; 2075 2076 // +optional 2077 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; 2078 2079 // +optional 2080 optional string reason = 5; 2081 2082 // +optional 2083 optional string message = 6; 2084} 2085 2086// NamespaceList is a list of Namespaces. 2087message NamespaceList { 2088 // Standard list metadata. 2089 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2090 // +optional 2091 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 2092 2093 // Items is the list of Namespace objects in the list. 2094 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ 2095 repeated Namespace items = 2; 2096} 2097 2098// NamespaceSpec describes the attributes on a Namespace. 2099message NamespaceSpec { 2100 // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. 2101 // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ 2102 // +optional 2103 repeated string finalizers = 1; 2104} 2105 2106// NamespaceStatus is information about the current status of a Namespace. 2107message NamespaceStatus { 2108 // Phase is the current lifecycle phase of the namespace. 2109 // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ 2110 // +optional 2111 optional string phase = 1; 2112 2113 // Represents the latest available observations of a namespace's current state. 2114 // +optional 2115 // +patchMergeKey=type 2116 // +patchStrategy=merge 2117 repeated NamespaceCondition conditions = 2; 2118} 2119 2120// Node is a worker node in Kubernetes. 2121// Each node will have a unique identifier in the cache (i.e. in etcd). 2122message Node { 2123 // Standard object's metadata. 2124 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 2125 // +optional 2126 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 2127 2128 // Spec defines the behavior of a node. 2129 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 2130 // +optional 2131 optional NodeSpec spec = 2; 2132 2133 // Most recently observed status of the node. 2134 // Populated by the system. 2135 // Read-only. 2136 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 2137 // +optional 2138 optional NodeStatus status = 3; 2139} 2140 2141// NodeAddress contains information for the node's address. 2142message NodeAddress { 2143 // Node address type, one of Hostname, ExternalIP or InternalIP. 2144 optional string type = 1; 2145 2146 // The node address. 2147 optional string address = 2; 2148} 2149 2150// Node affinity is a group of node affinity scheduling rules. 2151message NodeAffinity { 2152 // If the affinity requirements specified by this field are not met at 2153 // scheduling time, the pod will not be scheduled onto the node. 2154 // If the affinity requirements specified by this field cease to be met 2155 // at some point during pod execution (e.g. due to an update), the system 2156 // may or may not try to eventually evict the pod from its node. 2157 // +optional 2158 optional NodeSelector requiredDuringSchedulingIgnoredDuringExecution = 1; 2159 2160 // The scheduler will prefer to schedule pods to nodes that satisfy 2161 // the affinity expressions specified by this field, but it may choose 2162 // a node that violates one or more of the expressions. The node that is 2163 // most preferred is the one with the greatest sum of weights, i.e. 2164 // for each node that meets all of the scheduling requirements (resource 2165 // request, requiredDuringScheduling affinity expressions, etc.), 2166 // compute a sum by iterating through the elements of this field and adding 2167 // "weight" to the sum if the node matches the corresponding matchExpressions; the 2168 // node(s) with the highest sum are the most preferred. 2169 // +optional 2170 repeated PreferredSchedulingTerm preferredDuringSchedulingIgnoredDuringExecution = 2; 2171} 2172 2173// NodeCondition contains condition information for a node. 2174message NodeCondition { 2175 // Type of node condition. 2176 optional string type = 1; 2177 2178 // Status of the condition, one of True, False, Unknown. 2179 optional string status = 2; 2180 2181 // Last time we got an update on a given condition. 2182 // +optional 2183 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastHeartbeatTime = 3; 2184 2185 // Last time the condition transit from one status to another. 2186 // +optional 2187 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; 2188 2189 // (brief) reason for the condition's last transition. 2190 // +optional 2191 optional string reason = 5; 2192 2193 // Human readable message indicating details about last transition. 2194 // +optional 2195 optional string message = 6; 2196} 2197 2198// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. 2199message NodeConfigSource { 2200 // ConfigMap is a reference to a Node's ConfigMap 2201 optional ConfigMapNodeConfigSource configMap = 2; 2202} 2203 2204// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. 2205message NodeConfigStatus { 2206 // Assigned reports the checkpointed config the node will try to use. 2207 // When Node.Spec.ConfigSource is updated, the node checkpoints the associated 2208 // config payload to local disk, along with a record indicating intended 2209 // config. The node refers to this record to choose its config checkpoint, and 2210 // reports this record in Assigned. Assigned only updates in the status after 2211 // the record has been checkpointed to disk. When the Kubelet is restarted, 2212 // it tries to make the Assigned config the Active config by loading and 2213 // validating the checkpointed payload identified by Assigned. 2214 // +optional 2215 optional NodeConfigSource assigned = 1; 2216 2217 // Active reports the checkpointed config the node is actively using. 2218 // Active will represent either the current version of the Assigned config, 2219 // or the current LastKnownGood config, depending on whether attempting to use the 2220 // Assigned config results in an error. 2221 // +optional 2222 optional NodeConfigSource active = 2; 2223 2224 // LastKnownGood reports the checkpointed config the node will fall back to 2225 // when it encounters an error attempting to use the Assigned config. 2226 // The Assigned config becomes the LastKnownGood config when the node determines 2227 // that the Assigned config is stable and correct. 2228 // This is currently implemented as a 10-minute soak period starting when the local 2229 // record of Assigned config is updated. If the Assigned config is Active at the end 2230 // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is 2231 // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, 2232 // because the local default config is always assumed good. 2233 // You should not make assumptions about the node's method of determining config stability 2234 // and correctness, as this may change or become configurable in the future. 2235 // +optional 2236 optional NodeConfigSource lastKnownGood = 3; 2237 2238 // Error describes any problems reconciling the Spec.ConfigSource to the Active config. 2239 // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned 2240 // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting 2241 // to load or validate the Assigned config, etc. 2242 // Errors may occur at different points while syncing config. Earlier errors (e.g. download or 2243 // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across 2244 // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in 2245 // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error 2246 // by fixing the config assigned in Spec.ConfigSource. 2247 // You can find additional information for debugging by searching the error message in the Kubelet log. 2248 // Error is a human-readable description of the error state; machines can check whether or not Error 2249 // is empty, but should not rely on the stability of the Error text across Kubelet versions. 2250 // +optional 2251 optional string error = 4; 2252} 2253 2254// NodeDaemonEndpoints lists ports opened by daemons running on the Node. 2255message NodeDaemonEndpoints { 2256 // Endpoint on which Kubelet is listening. 2257 // +optional 2258 optional DaemonEndpoint kubeletEndpoint = 1; 2259} 2260 2261// NodeList is the whole list of all Nodes which have been registered with master. 2262message NodeList { 2263 // Standard list metadata. 2264 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2265 // +optional 2266 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 2267 2268 // List of nodes 2269 repeated Node items = 2; 2270} 2271 2272// NodeProxyOptions is the query options to a Node's proxy call. 2273message NodeProxyOptions { 2274 // Path is the URL path to use for the current proxy request to node. 2275 // +optional 2276 optional string path = 1; 2277} 2278 2279// NodeResources is an object for conveying resource information about a node. 2280// see http://releases.k8s.io/HEAD/docs/design/resources.md for more details. 2281message NodeResources { 2282 // Capacity represents the available resources of a node 2283 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 1; 2284} 2285 2286// A node selector represents the union of the results of one or more label queries 2287// over a set of nodes; that is, it represents the OR of the selectors represented 2288// by the node selector terms. 2289message NodeSelector { 2290 // Required. A list of node selector terms. The terms are ORed. 2291 repeated NodeSelectorTerm nodeSelectorTerms = 1; 2292} 2293 2294// A node selector requirement is a selector that contains values, a key, and an operator 2295// that relates the key and values. 2296message NodeSelectorRequirement { 2297 // The label key that the selector applies to. 2298 optional string key = 1; 2299 2300 // Represents a key's relationship to a set of values. 2301 // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 2302 optional string operator = 2; 2303 2304 // An array of string values. If the operator is In or NotIn, 2305 // the values array must be non-empty. If the operator is Exists or DoesNotExist, 2306 // the values array must be empty. If the operator is Gt or Lt, the values 2307 // array must have a single element, which will be interpreted as an integer. 2308 // This array is replaced during a strategic merge patch. 2309 // +optional 2310 repeated string values = 3; 2311} 2312 2313// A null or empty node selector term matches no objects. The requirements of 2314// them are ANDed. 2315// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 2316message NodeSelectorTerm { 2317 // A list of node selector requirements by node's labels. 2318 // +optional 2319 repeated NodeSelectorRequirement matchExpressions = 1; 2320 2321 // A list of node selector requirements by node's fields. 2322 // +optional 2323 repeated NodeSelectorRequirement matchFields = 2; 2324} 2325 2326// NodeSpec describes the attributes that a node is created with. 2327message NodeSpec { 2328 // PodCIDR represents the pod IP range assigned to the node. 2329 // +optional 2330 optional string podCIDR = 1; 2331 2332 // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this 2333 // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for 2334 // each of IPv4 and IPv6. 2335 // +optional 2336 // +patchStrategy=merge 2337 repeated string podCIDRs = 7; 2338 2339 // ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID> 2340 // +optional 2341 optional string providerID = 3; 2342 2343 // Unschedulable controls node schedulability of new pods. By default, node is schedulable. 2344 // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration 2345 // +optional 2346 optional bool unschedulable = 4; 2347 2348 // If specified, the node's taints. 2349 // +optional 2350 repeated Taint taints = 5; 2351 2352 // If specified, the source to get node configuration from 2353 // The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field 2354 // +optional 2355 optional NodeConfigSource configSource = 6; 2356 2357 // Deprecated. Not all kubelets will set this field. Remove field after 1.13. 2358 // see: https://issues.k8s.io/61966 2359 // +optional 2360 optional string externalID = 2; 2361} 2362 2363// NodeStatus is information about the current status of a node. 2364message NodeStatus { 2365 // Capacity represents the total resources of a node. 2366 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity 2367 // +optional 2368 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 1; 2369 2370 // Allocatable represents the resources of a node that are available for scheduling. 2371 // Defaults to Capacity. 2372 // +optional 2373 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> allocatable = 2; 2374 2375 // NodePhase is the recently observed lifecycle phase of the node. 2376 // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase 2377 // The field is never populated, and now is deprecated. 2378 // +optional 2379 optional string phase = 3; 2380 2381 // Conditions is an array of current observed node conditions. 2382 // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition 2383 // +optional 2384 // +patchMergeKey=type 2385 // +patchStrategy=merge 2386 repeated NodeCondition conditions = 4; 2387 2388 // List of addresses reachable to the node. 2389 // Queried from cloud provider, if available. 2390 // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses 2391 // Note: This field is declared as mergeable, but the merge key is not sufficiently 2392 // unique, which can cause data corruption when it is merged. Callers should instead 2393 // use a full-replacement patch. See http://pr.k8s.io/79391 for an example. 2394 // +optional 2395 // +patchMergeKey=type 2396 // +patchStrategy=merge 2397 repeated NodeAddress addresses = 5; 2398 2399 // Endpoints of daemons running on the Node. 2400 // +optional 2401 optional NodeDaemonEndpoints daemonEndpoints = 6; 2402 2403 // Set of ids/uuids to uniquely identify the node. 2404 // More info: https://kubernetes.io/docs/concepts/nodes/node/#info 2405 // +optional 2406 optional NodeSystemInfo nodeInfo = 7; 2407 2408 // List of container images on this node 2409 // +optional 2410 repeated ContainerImage images = 8; 2411 2412 // List of attachable volumes in use (mounted) by the node. 2413 // +optional 2414 repeated string volumesInUse = 9; 2415 2416 // List of volumes that are attached to the node. 2417 // +optional 2418 repeated AttachedVolume volumesAttached = 10; 2419 2420 // Status of the config assigned to the node via the dynamic Kubelet config feature. 2421 // +optional 2422 optional NodeConfigStatus config = 11; 2423} 2424 2425// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. 2426message NodeSystemInfo { 2427 // MachineID reported by the node. For unique machine identification 2428 // in the cluster this field is preferred. Learn more from man(5) 2429 // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html 2430 optional string machineID = 1; 2431 2432 // SystemUUID reported by the node. For unique machine identification 2433 // MachineID is preferred. This field is specific to Red Hat hosts 2434 // https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/getting-system-uuid.html 2435 optional string systemUUID = 2; 2436 2437 // Boot ID reported by the node. 2438 optional string bootID = 3; 2439 2440 // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). 2441 optional string kernelVersion = 4; 2442 2443 // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). 2444 optional string osImage = 5; 2445 2446 // ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0). 2447 optional string containerRuntimeVersion = 6; 2448 2449 // Kubelet Version reported by the node. 2450 optional string kubeletVersion = 7; 2451 2452 // KubeProxy Version reported by the node. 2453 optional string kubeProxyVersion = 8; 2454 2455 // The Operating System reported by the node 2456 optional string operatingSystem = 9; 2457 2458 // The Architecture reported by the node 2459 optional string architecture = 10; 2460} 2461 2462// ObjectFieldSelector selects an APIVersioned field of an object. 2463message ObjectFieldSelector { 2464 // Version of the schema the FieldPath is written in terms of, defaults to "v1". 2465 // +optional 2466 optional string apiVersion = 1; 2467 2468 // Path of the field to select in the specified API version. 2469 optional string fieldPath = 2; 2470} 2471 2472// ObjectReference contains enough information to let you inspect or modify the referred object. 2473// --- 2474// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 2475// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2476// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular 2477// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". 2478// Those cannot be well described when embedded. 2479// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 2480// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity 2481// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple 2482// and the version of the actual struct is irrelevant. 2483// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type 2484// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. 2485// Instead of using this type, create a locally provided and used type that is well-focused on your reference. 2486// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . 2487// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 2488message ObjectReference { 2489 // Kind of the referent. 2490 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2491 // +optional 2492 optional string kind = 1; 2493 2494 // Namespace of the referent. 2495 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ 2496 // +optional 2497 optional string namespace = 2; 2498 2499 // Name of the referent. 2500 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2501 // +optional 2502 optional string name = 3; 2503 2504 // UID of the referent. 2505 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids 2506 // +optional 2507 optional string uid = 4; 2508 2509 // API version of the referent. 2510 // +optional 2511 optional string apiVersion = 5; 2512 2513 // Specific resourceVersion to which this reference is made, if any. 2514 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 2515 // +optional 2516 optional string resourceVersion = 6; 2517 2518 // If referring to a piece of an object instead of an entire object, this string 2519 // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 2520 // For example, if the object reference is to a container within a pod, this would take on a value like: 2521 // "spec.containers{name}" (where "name" refers to the name of the container that triggered 2522 // the event) or if no container name is specified "spec.containers[2]" (container with 2523 // index 2 in this pod). This syntax is chosen only to have some well-defined way of 2524 // referencing a part of an object. 2525 // TODO: this design is not final and this field is subject to change in the future. 2526 // +optional 2527 optional string fieldPath = 7; 2528} 2529 2530// PersistentVolume (PV) is a storage resource provisioned by an administrator. 2531// It is analogous to a node. 2532// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes 2533message PersistentVolume { 2534 // Standard object's metadata. 2535 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 2536 // +optional 2537 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 2538 2539 // Spec defines a specification of a persistent volume owned by the cluster. 2540 // Provisioned by an administrator. 2541 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes 2542 // +optional 2543 optional PersistentVolumeSpec spec = 2; 2544 2545 // Status represents the current information/status for the persistent volume. 2546 // Populated by the system. 2547 // Read-only. 2548 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes 2549 // +optional 2550 optional PersistentVolumeStatus status = 3; 2551} 2552 2553// PersistentVolumeClaim is a user's request for and claim to a persistent volume 2554message PersistentVolumeClaim { 2555 // Standard object's metadata. 2556 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 2557 // +optional 2558 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 2559 2560 // Spec defines the desired characteristics of a volume requested by a pod author. 2561 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 2562 // +optional 2563 optional PersistentVolumeClaimSpec spec = 2; 2564 2565 // Status represents the current information/status of a persistent volume claim. 2566 // Read-only. 2567 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 2568 // +optional 2569 optional PersistentVolumeClaimStatus status = 3; 2570} 2571 2572// PersistentVolumeClaimCondition contails details about state of pvc 2573message PersistentVolumeClaimCondition { 2574 optional string type = 1; 2575 2576 optional string status = 2; 2577 2578 // Last time we probed the condition. 2579 // +optional 2580 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3; 2581 2582 // Last time the condition transitioned from one status to another. 2583 // +optional 2584 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; 2585 2586 // Unique, this should be a short, machine understandable string that gives the reason 2587 // for condition's last transition. If it reports "ResizeStarted" that means the underlying 2588 // persistent volume is being resized. 2589 // +optional 2590 optional string reason = 5; 2591 2592 // Human-readable message indicating details about last transition. 2593 // +optional 2594 optional string message = 6; 2595} 2596 2597// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. 2598message PersistentVolumeClaimList { 2599 // Standard list metadata. 2600 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2601 // +optional 2602 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 2603 2604 // A list of persistent volume claims. 2605 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 2606 repeated PersistentVolumeClaim items = 2; 2607} 2608 2609// PersistentVolumeClaimSpec describes the common attributes of storage devices 2610// and allows a Source for provider-specific attributes 2611message PersistentVolumeClaimSpec { 2612 // AccessModes contains the desired access modes the volume should have. 2613 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 2614 // +optional 2615 repeated string accessModes = 1; 2616 2617 // A label query over volumes to consider for binding. 2618 // +optional 2619 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 4; 2620 2621 // Resources represents the minimum resources the volume should have. 2622 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 2623 // +optional 2624 optional ResourceRequirements resources = 2; 2625 2626 // VolumeName is the binding reference to the PersistentVolume backing this claim. 2627 // +optional 2628 optional string volumeName = 3; 2629 2630 // Name of the StorageClass required by the claim. 2631 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 2632 // +optional 2633 optional string storageClassName = 5; 2634 2635 // volumeMode defines what type of volume is required by the claim. 2636 // Value of Filesystem is implied when not included in claim spec. 2637 // +optional 2638 optional string volumeMode = 6; 2639 2640 // This field can be used to specify either: 2641 // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) 2642 // * An existing PVC (PersistentVolumeClaim) 2643 // * An existing custom resource/object that implements data population (Alpha) 2644 // In order to use VolumeSnapshot object types, the appropriate feature gate 2645 // must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) 2646 // If the provisioner or an external controller can support the specified data source, 2647 // it will create a new volume based on the contents of the specified data source. 2648 // If the specified data source is not supported, the volume will 2649 // not be created and the failure will be reported as an event. 2650 // In the future, we plan to support more data source types and the behavior 2651 // of the provisioner may change. 2652 // +optional 2653 optional TypedLocalObjectReference dataSource = 7; 2654} 2655 2656// PersistentVolumeClaimStatus is the current status of a persistent volume claim. 2657message PersistentVolumeClaimStatus { 2658 // Phase represents the current phase of PersistentVolumeClaim. 2659 // +optional 2660 optional string phase = 1; 2661 2662 // AccessModes contains the actual access modes the volume backing the PVC has. 2663 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 2664 // +optional 2665 repeated string accessModes = 2; 2666 2667 // Represents the actual resources of the underlying volume. 2668 // +optional 2669 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 3; 2670 2671 // Current Condition of persistent volume claim. If underlying persistent volume is being 2672 // resized then the Condition will be set to 'ResizeStarted'. 2673 // +optional 2674 // +patchMergeKey=type 2675 // +patchStrategy=merge 2676 repeated PersistentVolumeClaimCondition conditions = 4; 2677} 2678 2679// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. 2680// This volume finds the bound PV and mounts that volume for the pod. A 2681// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another 2682// type of volume that is owned by someone else (the system). 2683message PersistentVolumeClaimVolumeSource { 2684 // ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 2685 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 2686 optional string claimName = 1; 2687 2688 // Will force the ReadOnly setting in VolumeMounts. 2689 // Default false. 2690 // +optional 2691 optional bool readOnly = 2; 2692} 2693 2694// PersistentVolumeList is a list of PersistentVolume items. 2695message PersistentVolumeList { 2696 // Standard list metadata. 2697 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2698 // +optional 2699 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 2700 2701 // List of persistent volumes. 2702 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes 2703 repeated PersistentVolume items = 2; 2704} 2705 2706// PersistentVolumeSource is similar to VolumeSource but meant for the 2707// administrator who creates PVs. Exactly one of its members must be set. 2708message PersistentVolumeSource { 2709 // GCEPersistentDisk represents a GCE Disk resource that is attached to a 2710 // kubelet's host machine and then exposed to the pod. Provisioned by an admin. 2711 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 2712 // +optional 2713 optional GCEPersistentDiskVolumeSource gcePersistentDisk = 1; 2714 2715 // AWSElasticBlockStore represents an AWS Disk resource that is attached to a 2716 // kubelet's host machine and then exposed to the pod. 2717 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 2718 // +optional 2719 optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 2; 2720 2721 // HostPath represents a directory on the host. 2722 // Provisioned by a developer or tester. 2723 // This is useful for single-node development and testing only! 2724 // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. 2725 // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 2726 // +optional 2727 optional HostPathVolumeSource hostPath = 3; 2728 2729 // Glusterfs represents a Glusterfs volume that is attached to a host and 2730 // exposed to the pod. Provisioned by an admin. 2731 // More info: https://examples.k8s.io/volumes/glusterfs/README.md 2732 // +optional 2733 optional GlusterfsPersistentVolumeSource glusterfs = 4; 2734 2735 // NFS represents an NFS mount on the host. Provisioned by an admin. 2736 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 2737 // +optional 2738 optional NFSVolumeSource nfs = 5; 2739 2740 // RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. 2741 // More info: https://examples.k8s.io/volumes/rbd/README.md 2742 // +optional 2743 optional RBDPersistentVolumeSource rbd = 6; 2744 2745 // ISCSI represents an ISCSI Disk resource that is attached to a 2746 // kubelet's host machine and then exposed to the pod. Provisioned by an admin. 2747 // +optional 2748 optional ISCSIPersistentVolumeSource iscsi = 7; 2749 2750 // Cinder represents a cinder volume attached and mounted on kubelets host machine. 2751 // More info: https://examples.k8s.io/mysql-cinder-pd/README.md 2752 // +optional 2753 optional CinderPersistentVolumeSource cinder = 8; 2754 2755 // CephFS represents a Ceph FS mount on the host that shares a pod's lifetime 2756 // +optional 2757 optional CephFSPersistentVolumeSource cephfs = 9; 2758 2759 // FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 2760 // +optional 2761 optional FCVolumeSource fc = 10; 2762 2763 // Flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running 2764 // +optional 2765 optional FlockerVolumeSource flocker = 11; 2766 2767 // FlexVolume represents a generic volume resource that is 2768 // provisioned/attached using an exec based plugin. 2769 // +optional 2770 optional FlexPersistentVolumeSource flexVolume = 12; 2771 2772 // AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 2773 // +optional 2774 optional AzureFilePersistentVolumeSource azureFile = 13; 2775 2776 // VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 2777 // +optional 2778 optional VsphereVirtualDiskVolumeSource vsphereVolume = 14; 2779 2780 // Quobyte represents a Quobyte mount on the host that shares a pod's lifetime 2781 // +optional 2782 optional QuobyteVolumeSource quobyte = 15; 2783 2784 // AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 2785 // +optional 2786 optional AzureDiskVolumeSource azureDisk = 16; 2787 2788 // PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine 2789 optional PhotonPersistentDiskVolumeSource photonPersistentDisk = 17; 2790 2791 // PortworxVolume represents a portworx volume attached and mounted on kubelets host machine 2792 // +optional 2793 optional PortworxVolumeSource portworxVolume = 18; 2794 2795 // ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 2796 // +optional 2797 optional ScaleIOPersistentVolumeSource scaleIO = 19; 2798 2799 // Local represents directly-attached storage with node affinity 2800 // +optional 2801 optional LocalVolumeSource local = 20; 2802 2803 // StorageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod 2804 // More info: https://examples.k8s.io/volumes/storageos/README.md 2805 // +optional 2806 optional StorageOSPersistentVolumeSource storageos = 21; 2807 2808 // CSI represents storage that is handled by an external CSI driver (Beta feature). 2809 // +optional 2810 optional CSIPersistentVolumeSource csi = 22; 2811} 2812 2813// PersistentVolumeSpec is the specification of a persistent volume. 2814message PersistentVolumeSpec { 2815 // A description of the persistent volume's resources and capacity. 2816 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity 2817 // +optional 2818 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 1; 2819 2820 // The actual volume backing the persistent volume. 2821 optional PersistentVolumeSource persistentVolumeSource = 2; 2822 2823 // AccessModes contains all ways the volume can be mounted. 2824 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes 2825 // +optional 2826 repeated string accessModes = 3; 2827 2828 // ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. 2829 // Expected to be non-nil when bound. 2830 // claim.VolumeName is the authoritative bind between PV and PVC. 2831 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding 2832 // +optional 2833 optional ObjectReference claimRef = 4; 2834 2835 // What happens to a persistent volume when released from its claim. 2836 // Valid options are Retain (default for manually created PersistentVolumes), Delete (default 2837 // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). 2838 // Recycle must be supported by the volume plugin underlying this PersistentVolume. 2839 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming 2840 // +optional 2841 optional string persistentVolumeReclaimPolicy = 5; 2842 2843 // Name of StorageClass to which this persistent volume belongs. Empty value 2844 // means that this volume does not belong to any StorageClass. 2845 // +optional 2846 optional string storageClassName = 6; 2847 2848 // A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will 2849 // simply fail if one is invalid. 2850 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options 2851 // +optional 2852 repeated string mountOptions = 7; 2853 2854 // volumeMode defines if a volume is intended to be used with a formatted filesystem 2855 // or to remain in raw block state. Value of Filesystem is implied when not included in spec. 2856 // +optional 2857 optional string volumeMode = 8; 2858 2859 // NodeAffinity defines constraints that limit what nodes this volume can be accessed from. 2860 // This field influences the scheduling of pods that use this volume. 2861 // +optional 2862 optional VolumeNodeAffinity nodeAffinity = 9; 2863} 2864 2865// PersistentVolumeStatus is the current status of a persistent volume. 2866message PersistentVolumeStatus { 2867 // Phase indicates if a volume is available, bound to a claim, or released by a claim. 2868 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase 2869 // +optional 2870 optional string phase = 1; 2871 2872 // A human-readable message indicating details about why the volume is in this state. 2873 // +optional 2874 optional string message = 2; 2875 2876 // Reason is a brief CamelCase string that describes any failure and is meant 2877 // for machine parsing and tidy display in the CLI. 2878 // +optional 2879 optional string reason = 3; 2880} 2881 2882// Represents a Photon Controller persistent disk resource. 2883message PhotonPersistentDiskVolumeSource { 2884 // ID that identifies Photon Controller persistent disk 2885 optional string pdID = 1; 2886 2887 // Filesystem type to mount. 2888 // Must be a filesystem type supported by the host operating system. 2889 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 2890 optional string fsType = 2; 2891} 2892 2893// Pod is a collection of containers that can run on a host. This resource is created 2894// by clients and scheduled onto hosts. 2895message Pod { 2896 // Standard object's metadata. 2897 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 2898 // +optional 2899 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 2900 2901 // Specification of the desired behavior of the pod. 2902 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 2903 // +optional 2904 optional PodSpec spec = 2; 2905 2906 // Most recently observed status of the pod. 2907 // This data may not be up to date. 2908 // Populated by the system. 2909 // Read-only. 2910 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 2911 // +optional 2912 optional PodStatus status = 3; 2913} 2914 2915// Pod affinity is a group of inter pod affinity scheduling rules. 2916message PodAffinity { 2917 // If the affinity requirements specified by this field are not met at 2918 // scheduling time, the pod will not be scheduled onto the node. 2919 // If the affinity requirements specified by this field cease to be met 2920 // at some point during pod execution (e.g. due to a pod label update), the 2921 // system may or may not try to eventually evict the pod from its node. 2922 // When there are multiple elements, the lists of nodes corresponding to each 2923 // podAffinityTerm are intersected, i.e. all terms must be satisfied. 2924 // +optional 2925 repeated PodAffinityTerm requiredDuringSchedulingIgnoredDuringExecution = 1; 2926 2927 // The scheduler will prefer to schedule pods to nodes that satisfy 2928 // the affinity expressions specified by this field, but it may choose 2929 // a node that violates one or more of the expressions. The node that is 2930 // most preferred is the one with the greatest sum of weights, i.e. 2931 // for each node that meets all of the scheduling requirements (resource 2932 // request, requiredDuringScheduling affinity expressions, etc.), 2933 // compute a sum by iterating through the elements of this field and adding 2934 // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 2935 // node(s) with the highest sum are the most preferred. 2936 // +optional 2937 repeated WeightedPodAffinityTerm preferredDuringSchedulingIgnoredDuringExecution = 2; 2938} 2939 2940// Defines a set of pods (namely those matching the labelSelector 2941// relative to the given namespace(s)) that this pod should be 2942// co-located (affinity) or not co-located (anti-affinity) with, 2943// where co-located is defined as running on a node whose value of 2944// the label with key <topologyKey> matches that of any node on which 2945// a pod of the set of pods is running 2946message PodAffinityTerm { 2947 // A label query over a set of resources, in this case pods. 2948 // +optional 2949 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 1; 2950 2951 // namespaces specifies which namespaces the labelSelector applies to (matches against); 2952 // null or empty list means "this pod's namespace" 2953 // +optional 2954 repeated string namespaces = 2; 2955 2956 // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 2957 // the labelSelector in the specified namespaces, where co-located is defined as running on a node 2958 // whose value of the label with key topologyKey matches that of any node on which any of the 2959 // selected pods is running. 2960 // Empty topologyKey is not allowed. 2961 optional string topologyKey = 3; 2962} 2963 2964// Pod anti affinity is a group of inter pod anti affinity scheduling rules. 2965message PodAntiAffinity { 2966 // If the anti-affinity requirements specified by this field are not met at 2967 // scheduling time, the pod will not be scheduled onto the node. 2968 // If the anti-affinity requirements specified by this field cease to be met 2969 // at some point during pod execution (e.g. due to a pod label update), the 2970 // system may or may not try to eventually evict the pod from its node. 2971 // When there are multiple elements, the lists of nodes corresponding to each 2972 // podAffinityTerm are intersected, i.e. all terms must be satisfied. 2973 // +optional 2974 repeated PodAffinityTerm requiredDuringSchedulingIgnoredDuringExecution = 1; 2975 2976 // The scheduler will prefer to schedule pods to nodes that satisfy 2977 // the anti-affinity expressions specified by this field, but it may choose 2978 // a node that violates one or more of the expressions. The node that is 2979 // most preferred is the one with the greatest sum of weights, i.e. 2980 // for each node that meets all of the scheduling requirements (resource 2981 // request, requiredDuringScheduling anti-affinity expressions, etc.), 2982 // compute a sum by iterating through the elements of this field and adding 2983 // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 2984 // node(s) with the highest sum are the most preferred. 2985 // +optional 2986 repeated WeightedPodAffinityTerm preferredDuringSchedulingIgnoredDuringExecution = 2; 2987} 2988 2989// PodAttachOptions is the query options to a Pod's remote attach call. 2990// --- 2991// TODO: merge w/ PodExecOptions below for stdin, stdout, etc 2992// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY 2993message PodAttachOptions { 2994 // Stdin if true, redirects the standard input stream of the pod for this call. 2995 // Defaults to false. 2996 // +optional 2997 optional bool stdin = 1; 2998 2999 // Stdout if true indicates that stdout is to be redirected for the attach call. 3000 // Defaults to true. 3001 // +optional 3002 optional bool stdout = 2; 3003 3004 // Stderr if true indicates that stderr is to be redirected for the attach call. 3005 // Defaults to true. 3006 // +optional 3007 optional bool stderr = 3; 3008 3009 // TTY if true indicates that a tty will be allocated for the attach call. 3010 // This is passed through the container runtime so the tty 3011 // is allocated on the worker node by the container runtime. 3012 // Defaults to false. 3013 // +optional 3014 optional bool tty = 4; 3015 3016 // The container in which to execute the command. 3017 // Defaults to only container if there is only one container in the pod. 3018 // +optional 3019 optional string container = 5; 3020} 3021 3022// PodCondition contains details for the current condition of this pod. 3023message PodCondition { 3024 // Type is the type of the condition. 3025 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions 3026 optional string type = 1; 3027 3028 // Status is the status of the condition. 3029 // Can be True, False, Unknown. 3030 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions 3031 optional string status = 2; 3032 3033 // Last time we probed the condition. 3034 // +optional 3035 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3; 3036 3037 // Last time the condition transitioned from one status to another. 3038 // +optional 3039 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; 3040 3041 // Unique, one-word, CamelCase reason for the condition's last transition. 3042 // +optional 3043 optional string reason = 5; 3044 3045 // Human-readable message indicating details about last transition. 3046 // +optional 3047 optional string message = 6; 3048} 3049 3050// PodDNSConfig defines the DNS parameters of a pod in addition to 3051// those generated from DNSPolicy. 3052message PodDNSConfig { 3053 // A list of DNS name server IP addresses. 3054 // This will be appended to the base nameservers generated from DNSPolicy. 3055 // Duplicated nameservers will be removed. 3056 // +optional 3057 repeated string nameservers = 1; 3058 3059 // A list of DNS search domains for host-name lookup. 3060 // This will be appended to the base search paths generated from DNSPolicy. 3061 // Duplicated search paths will be removed. 3062 // +optional 3063 repeated string searches = 2; 3064 3065 // A list of DNS resolver options. 3066 // This will be merged with the base options generated from DNSPolicy. 3067 // Duplicated entries will be removed. Resolution options given in Options 3068 // will override those that appear in the base DNSPolicy. 3069 // +optional 3070 repeated PodDNSConfigOption options = 3; 3071} 3072 3073// PodDNSConfigOption defines DNS resolver options of a pod. 3074message PodDNSConfigOption { 3075 // Required. 3076 optional string name = 1; 3077 3078 // +optional 3079 optional string value = 2; 3080} 3081 3082// PodExecOptions is the query options to a Pod's remote exec call. 3083// --- 3084// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging 3085// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY 3086message PodExecOptions { 3087 // Redirect the standard input stream of the pod for this call. 3088 // Defaults to false. 3089 // +optional 3090 optional bool stdin = 1; 3091 3092 // Redirect the standard output stream of the pod for this call. 3093 // Defaults to true. 3094 // +optional 3095 optional bool stdout = 2; 3096 3097 // Redirect the standard error stream of the pod for this call. 3098 // Defaults to true. 3099 // +optional 3100 optional bool stderr = 3; 3101 3102 // TTY if true indicates that a tty will be allocated for the exec call. 3103 // Defaults to false. 3104 // +optional 3105 optional bool tty = 4; 3106 3107 // Container in which to execute the command. 3108 // Defaults to only container if there is only one container in the pod. 3109 // +optional 3110 optional string container = 5; 3111 3112 // Command is the remote command to execute. argv array. Not executed within a shell. 3113 repeated string command = 6; 3114} 3115 3116// IP address information for entries in the (plural) PodIPs field. 3117// Each entry includes: 3118// IP: An IP address allocated to the pod. Routable at least within the cluster. 3119message PodIP { 3120 // ip is an IP address (IPv4 or IPv6) assigned to the pod 3121 optional string ip = 1; 3122} 3123 3124// PodList is a list of Pods. 3125message PodList { 3126 // Standard list metadata. 3127 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 3128 // +optional 3129 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 3130 3131 // List of pods. 3132 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md 3133 repeated Pod items = 2; 3134} 3135 3136// PodLogOptions is the query options for a Pod's logs REST call. 3137message PodLogOptions { 3138 // The container for which to stream logs. Defaults to only container if there is one container in the pod. 3139 // +optional 3140 optional string container = 1; 3141 3142 // Follow the log stream of the pod. Defaults to false. 3143 // +optional 3144 optional bool follow = 2; 3145 3146 // Return previous terminated container logs. Defaults to false. 3147 // +optional 3148 optional bool previous = 3; 3149 3150 // A relative time in seconds before the current time from which to show logs. If this value 3151 // precedes the time a pod was started, only logs since the pod start will be returned. 3152 // If this value is in the future, no logs will be returned. 3153 // Only one of sinceSeconds or sinceTime may be specified. 3154 // +optional 3155 optional int64 sinceSeconds = 4; 3156 3157 // An RFC3339 timestamp from which to show logs. If this value 3158 // precedes the time a pod was started, only logs since the pod start will be returned. 3159 // If this value is in the future, no logs will be returned. 3160 // Only one of sinceSeconds or sinceTime may be specified. 3161 // +optional 3162 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time sinceTime = 5; 3163 3164 // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line 3165 // of log output. Defaults to false. 3166 // +optional 3167 optional bool timestamps = 6; 3168 3169 // If set, the number of lines from the end of the logs to show. If not specified, 3170 // logs are shown from the creation of the container or sinceSeconds or sinceTime 3171 // +optional 3172 optional int64 tailLines = 7; 3173 3174 // If set, the number of bytes to read from the server before terminating the 3175 // log output. This may not display a complete final line of logging, and may return 3176 // slightly more or slightly less than the specified limit. 3177 // +optional 3178 optional int64 limitBytes = 8; 3179 3180 // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the 3181 // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver 3182 // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real 3183 // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the 3184 // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept 3185 // the actual log data coming from the real kubelet). 3186 // +optional 3187 optional bool insecureSkipTLSVerifyBackend = 9; 3188} 3189 3190// PodPortForwardOptions is the query options to a Pod's port forward call 3191// when using WebSockets. 3192// The `port` query parameter must specify the port or 3193// ports (comma separated) to forward over. 3194// Port forwarding over SPDY does not use these options. It requires the port 3195// to be passed in the `port` header as part of request. 3196message PodPortForwardOptions { 3197 // List of ports to forward 3198 // Required when using WebSockets 3199 // +optional 3200 repeated int32 ports = 1; 3201} 3202 3203// PodProxyOptions is the query options to a Pod's proxy call. 3204message PodProxyOptions { 3205 // Path is the URL path to use for the current proxy request to pod. 3206 // +optional 3207 optional string path = 1; 3208} 3209 3210// PodReadinessGate contains the reference to a pod condition 3211message PodReadinessGate { 3212 // ConditionType refers to a condition in the pod's condition list with matching type. 3213 optional string conditionType = 1; 3214} 3215 3216// PodSecurityContext holds pod-level security attributes and common container settings. 3217// Some fields are also present in container.securityContext. Field values of 3218// container.securityContext take precedence over field values of PodSecurityContext. 3219message PodSecurityContext { 3220 // The SELinux context to be applied to all containers. 3221 // If unspecified, the container runtime will allocate a random SELinux context for each 3222 // container. May also be set in SecurityContext. If set in 3223 // both SecurityContext and PodSecurityContext, the value specified in SecurityContext 3224 // takes precedence for that container. 3225 // +optional 3226 optional SELinuxOptions seLinuxOptions = 1; 3227 3228 // The Windows specific settings applied to all containers. 3229 // If unspecified, the options within a container's SecurityContext will be used. 3230 // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3231 // +optional 3232 optional WindowsSecurityContextOptions windowsOptions = 8; 3233 3234 // The UID to run the entrypoint of the container process. 3235 // Defaults to user specified in image metadata if unspecified. 3236 // May also be set in SecurityContext. If set in both SecurityContext and 3237 // PodSecurityContext, the value specified in SecurityContext takes precedence 3238 // for that container. 3239 // +optional 3240 optional int64 runAsUser = 2; 3241 3242 // The GID to run the entrypoint of the container process. 3243 // Uses runtime default if unset. 3244 // May also be set in SecurityContext. If set in both SecurityContext and 3245 // PodSecurityContext, the value specified in SecurityContext takes precedence 3246 // for that container. 3247 // +optional 3248 optional int64 runAsGroup = 6; 3249 3250 // Indicates that the container must run as a non-root user. 3251 // If true, the Kubelet will validate the image at runtime to ensure that it 3252 // does not run as UID 0 (root) and fail to start the container if it does. 3253 // If unset or false, no such validation will be performed. 3254 // May also be set in SecurityContext. If set in both SecurityContext and 3255 // PodSecurityContext, the value specified in SecurityContext takes precedence. 3256 // +optional 3257 optional bool runAsNonRoot = 3; 3258 3259 // A list of groups applied to the first process run in each container, in addition 3260 // to the container's primary GID. If unspecified, no groups will be added to 3261 // any container. 3262 // +optional 3263 repeated int64 supplementalGroups = 4; 3264 3265 // A special supplemental group that applies to all containers in a pod. 3266 // Some volume types allow the Kubelet to change the ownership of that volume 3267 // to be owned by the pod: 3268 // 3269 // 1. The owning GID will be the FSGroup 3270 // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3271 // 3. The permission bits are OR'd with rw-rw---- 3272 // 3273 // If unset, the Kubelet will not modify the ownership and permissions of any volume. 3274 // +optional 3275 optional int64 fsGroup = 5; 3276 3277 // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported 3278 // sysctls (by the container runtime) might fail to launch. 3279 // +optional 3280 repeated Sysctl sysctls = 7; 3281 3282 // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume 3283 // before being exposed inside Pod. This field will only apply to 3284 // volume types which support fsGroup based ownership(and permissions). 3285 // It will have no effect on ephemeral volume types such as: secret, configmaps 3286 // and emptydir. 3287 // Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always". 3288 // +optional 3289 optional string fsGroupChangePolicy = 9; 3290} 3291 3292// Describes the class of pods that should avoid this node. 3293// Exactly one field should be set. 3294message PodSignature { 3295 // Reference to controller whose pods should avoid this node. 3296 // +optional 3297 optional k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference podController = 1; 3298} 3299 3300// PodSpec is a description of a pod. 3301message PodSpec { 3302 // List of volumes that can be mounted by containers belonging to the pod. 3303 // More info: https://kubernetes.io/docs/concepts/storage/volumes 3304 // +optional 3305 // +patchMergeKey=name 3306 // +patchStrategy=merge,retainKeys 3307 repeated Volume volumes = 1; 3308 3309 // List of initialization containers belonging to the pod. 3310 // Init containers are executed in order prior to containers being started. If any 3311 // init container fails, the pod is considered to have failed and is handled according 3312 // to its restartPolicy. The name for an init container or normal container must be 3313 // unique among all containers. 3314 // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. 3315 // The resourceRequirements of an init container are taken into account during scheduling 3316 // by finding the highest request/limit for each resource type, and then using the max of 3317 // of that value or the sum of the normal containers. Limits are applied to init containers 3318 // in a similar fashion. 3319 // Init containers cannot currently be added or removed. 3320 // Cannot be updated. 3321 // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ 3322 // +patchMergeKey=name 3323 // +patchStrategy=merge 3324 repeated Container initContainers = 20; 3325 3326 // List of containers belonging to the pod. 3327 // Containers cannot currently be added or removed. 3328 // There must be at least one container in a Pod. 3329 // Cannot be updated. 3330 // +patchMergeKey=name 3331 // +patchStrategy=merge 3332 repeated Container containers = 2; 3333 3334 // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing 3335 // pod to perform user-initiated actions such as debugging. This list cannot be specified when 3336 // creating a pod, and it cannot be modified by updating the pod spec. In order to add an 3337 // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 3338 // This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature. 3339 // +optional 3340 // +patchMergeKey=name 3341 // +patchStrategy=merge 3342 repeated EphemeralContainer ephemeralContainers = 34; 3343 3344 // Restart policy for all containers within the pod. 3345 // One of Always, OnFailure, Never. 3346 // Default to Always. 3347 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 3348 // +optional 3349 optional string restartPolicy = 3; 3350 3351 // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. 3352 // Value must be non-negative integer. The value zero indicates delete immediately. 3353 // If this value is nil, the default grace period will be used instead. 3354 // The grace period is the duration in seconds after the processes running in the pod are sent 3355 // a termination signal and the time when the processes are forcibly halted with a kill signal. 3356 // Set this value longer than the expected cleanup time for your process. 3357 // Defaults to 30 seconds. 3358 // +optional 3359 optional int64 terminationGracePeriodSeconds = 4; 3360 3361 // Optional duration in seconds the pod may be active on the node relative to 3362 // StartTime before the system will actively try to mark it failed and kill associated containers. 3363 // Value must be a positive integer. 3364 // +optional 3365 optional int64 activeDeadlineSeconds = 5; 3366 3367 // Set DNS policy for the pod. 3368 // Defaults to "ClusterFirst". 3369 // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. 3370 // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. 3371 // To have DNS options set along with hostNetwork, you have to specify DNS policy 3372 // explicitly to 'ClusterFirstWithHostNet'. 3373 // +optional 3374 optional string dnsPolicy = 6; 3375 3376 // NodeSelector is a selector which must be true for the pod to fit on a node. 3377 // Selector which must match a node's labels for the pod to be scheduled on that node. 3378 // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ 3379 // +optional 3380 map<string, string> nodeSelector = 7; 3381 3382 // ServiceAccountName is the name of the ServiceAccount to use to run this pod. 3383 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 3384 // +optional 3385 optional string serviceAccountName = 8; 3386 3387 // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. 3388 // Deprecated: Use serviceAccountName instead. 3389 // +k8s:conversion-gen=false 3390 // +optional 3391 optional string serviceAccount = 9; 3392 3393 // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 3394 // +optional 3395 optional bool automountServiceAccountToken = 21; 3396 3397 // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, 3398 // the scheduler simply schedules this pod onto that node, assuming that it fits resource 3399 // requirements. 3400 // +optional 3401 optional string nodeName = 10; 3402 3403 // Host networking requested for this pod. Use the host's network namespace. 3404 // If this option is set, the ports that will be used must be specified. 3405 // Default to false. 3406 // +k8s:conversion-gen=false 3407 // +optional 3408 optional bool hostNetwork = 11; 3409 3410 // Use the host's pid namespace. 3411 // Optional: Default to false. 3412 // +k8s:conversion-gen=false 3413 // +optional 3414 optional bool hostPID = 12; 3415 3416 // Use the host's ipc namespace. 3417 // Optional: Default to false. 3418 // +k8s:conversion-gen=false 3419 // +optional 3420 optional bool hostIPC = 13; 3421 3422 // Share a single process namespace between all of the containers in a pod. 3423 // When this is set containers will be able to view and signal processes from other containers 3424 // in the same pod, and the first process in each container will not be assigned PID 1. 3425 // HostPID and ShareProcessNamespace cannot both be set. 3426 // Optional: Default to false. 3427 // +k8s:conversion-gen=false 3428 // +optional 3429 optional bool shareProcessNamespace = 27; 3430 3431 // SecurityContext holds pod-level security attributes and common container settings. 3432 // Optional: Defaults to empty. See type description for default values of each field. 3433 // +optional 3434 optional PodSecurityContext securityContext = 14; 3435 3436 // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. 3437 // If specified, these secrets will be passed to individual puller implementations for them to use. For example, 3438 // in the case of docker, only DockerConfig type secrets are honored. 3439 // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod 3440 // +optional 3441 // +patchMergeKey=name 3442 // +patchStrategy=merge 3443 repeated LocalObjectReference imagePullSecrets = 15; 3444 3445 // Specifies the hostname of the Pod 3446 // If not specified, the pod's hostname will be set to a system-defined value. 3447 // +optional 3448 optional string hostname = 16; 3449 3450 // If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". 3451 // If not specified, the pod will not have a domainname at all. 3452 // +optional 3453 optional string subdomain = 17; 3454 3455 // If specified, the pod's scheduling constraints 3456 // +optional 3457 optional Affinity affinity = 18; 3458 3459 // If specified, the pod will be dispatched by specified scheduler. 3460 // If not specified, the pod will be dispatched by default scheduler. 3461 // +optional 3462 optional string schedulerName = 19; 3463 3464 // If specified, the pod's tolerations. 3465 // +optional 3466 repeated Toleration tolerations = 22; 3467 3468 // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts 3469 // file if specified. This is only valid for non-hostNetwork pods. 3470 // +optional 3471 // +patchMergeKey=ip 3472 // +patchStrategy=merge 3473 repeated HostAlias hostAliases = 23; 3474 3475 // If specified, indicates the pod's priority. "system-node-critical" and 3476 // "system-cluster-critical" are two special keywords which indicate the 3477 // highest priorities with the former being the highest priority. Any other 3478 // name must be defined by creating a PriorityClass object with that name. 3479 // If not specified, the pod priority will be default or zero if there is no 3480 // default. 3481 // +optional 3482 optional string priorityClassName = 24; 3483 3484 // The priority value. Various system components use this field to find the 3485 // priority of the pod. When Priority Admission Controller is enabled, it 3486 // prevents users from setting this field. The admission controller populates 3487 // this field from PriorityClassName. 3488 // The higher the value, the higher the priority. 3489 // +optional 3490 optional int32 priority = 25; 3491 3492 // Specifies the DNS parameters of a pod. 3493 // Parameters specified here will be merged to the generated DNS 3494 // configuration based on DNSPolicy. 3495 // +optional 3496 optional PodDNSConfig dnsConfig = 26; 3497 3498 // If specified, all readiness gates will be evaluated for pod readiness. 3499 // A pod is ready when all its containers are ready AND 3500 // all conditions specified in the readiness gates have status equal to "True" 3501 // More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md 3502 // +optional 3503 repeated PodReadinessGate readinessGates = 28; 3504 3505 // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used 3506 // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. 3507 // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an 3508 // empty definition that uses the default runtime handler. 3509 // More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md 3510 // This is a beta feature as of Kubernetes v1.14. 3511 // +optional 3512 optional string runtimeClassName = 29; 3513 3514 // EnableServiceLinks indicates whether information about services should be injected into pod's 3515 // environment variables, matching the syntax of Docker links. 3516 // Optional: Defaults to true. 3517 // +optional 3518 optional bool enableServiceLinks = 30; 3519 3520 // PreemptionPolicy is the Policy for preempting pods with lower priority. 3521 // One of Never, PreemptLowerPriority. 3522 // Defaults to PreemptLowerPriority if unset. 3523 // This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature. 3524 // +optional 3525 optional string preemptionPolicy = 31; 3526 3527 // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. 3528 // This field will be autopopulated at admission time by the RuntimeClass admission controller. If 3529 // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. 3530 // The RuntimeClass admission controller will reject Pod create requests which have the overhead already 3531 // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value 3532 // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. 3533 // More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md 3534 // This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature. 3535 // +optional 3536 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> overhead = 32; 3537 3538 // TopologySpreadConstraints describes how a group of pods ought to spread across topology 3539 // domains. Scheduler will schedule pods in a way which abides by the constraints. 3540 // This field is only honored by clusters that enable the EvenPodsSpread feature. 3541 // All topologySpreadConstraints are ANDed. 3542 // +optional 3543 // +patchMergeKey=topologyKey 3544 // +patchStrategy=merge 3545 // +listType=map 3546 // +listMapKey=topologyKey 3547 // +listMapKey=whenUnsatisfiable 3548 repeated TopologySpreadConstraint topologySpreadConstraints = 33; 3549} 3550 3551// PodStatus represents information about the status of a pod. Status may trail the actual 3552// state of a system, especially if the node that hosts the pod cannot contact the control 3553// plane. 3554message PodStatus { 3555 // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. 3556 // The conditions array, the reason and message fields, and the individual container status 3557 // arrays contain more detail about the pod's status. 3558 // There are five possible phase values: 3559 // 3560 // Pending: The pod has been accepted by the Kubernetes system, but one or more of the 3561 // container images has not been created. This includes time before being scheduled as 3562 // well as time spent downloading images over the network, which could take a while. 3563 // Running: The pod has been bound to a node, and all of the containers have been created. 3564 // At least one container is still running, or is in the process of starting or restarting. 3565 // Succeeded: All containers in the pod have terminated in success, and will not be restarted. 3566 // Failed: All containers in the pod have terminated, and at least one container has 3567 // terminated in failure. The container either exited with non-zero status or was terminated 3568 // by the system. 3569 // Unknown: For some reason the state of the pod could not be obtained, typically due to an 3570 // error in communicating with the host of the pod. 3571 // 3572 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase 3573 // +optional 3574 optional string phase = 1; 3575 3576 // Current service state of pod. 3577 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions 3578 // +optional 3579 // +patchMergeKey=type 3580 // +patchStrategy=merge 3581 repeated PodCondition conditions = 2; 3582 3583 // A human readable message indicating details about why the pod is in this condition. 3584 // +optional 3585 optional string message = 3; 3586 3587 // A brief CamelCase message indicating details about why the pod is in this state. 3588 // e.g. 'Evicted' 3589 // +optional 3590 optional string reason = 4; 3591 3592 // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be 3593 // scheduled right away as preemption victims receive their graceful termination periods. 3594 // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide 3595 // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to 3596 // give the resources on this node to a higher priority pod that is created after preemption. 3597 // As a result, this field may be different than PodSpec.nodeName when the pod is 3598 // scheduled. 3599 // +optional 3600 optional string nominatedNodeName = 11; 3601 3602 // IP address of the host to which the pod is assigned. Empty if not yet scheduled. 3603 // +optional 3604 optional string hostIP = 5; 3605 3606 // IP address allocated to the pod. Routable at least within the cluster. 3607 // Empty if not yet allocated. 3608 // +optional 3609 optional string podIP = 6; 3610 3611 // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must 3612 // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list 3613 // is empty if no IPs have been allocated yet. 3614 // +optional 3615 // +patchStrategy=merge 3616 // +patchMergeKey=ip 3617 repeated PodIP podIPs = 12; 3618 3619 // RFC 3339 date and time at which the object was acknowledged by the Kubelet. 3620 // This is before the Kubelet pulled the container image(s) for the pod. 3621 // +optional 3622 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startTime = 7; 3623 3624 // The list has one entry per init container in the manifest. The most recent successful 3625 // init container will have ready = true, the most recently started container will have 3626 // startTime set. 3627 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status 3628 repeated ContainerStatus initContainerStatuses = 10; 3629 3630 // The list has one entry per container in the manifest. Each entry is currently the output 3631 // of `docker inspect`. 3632 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status 3633 // +optional 3634 repeated ContainerStatus containerStatuses = 8; 3635 3636 // The Quality of Service (QOS) classification assigned to the pod based on resource requirements 3637 // See PodQOSClass type for available QOS classes 3638 // More info: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md 3639 // +optional 3640 optional string qosClass = 9; 3641 3642 // Status for any ephemeral containers that have run in this pod. 3643 // This field is alpha-level and is only populated by servers that enable the EphemeralContainers feature. 3644 // +optional 3645 repeated ContainerStatus ephemeralContainerStatuses = 13; 3646} 3647 3648// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded 3649message PodStatusResult { 3650 // Standard object's metadata. 3651 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 3652 // +optional 3653 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3654 3655 // Most recently observed status of the pod. 3656 // This data may not be up to date. 3657 // Populated by the system. 3658 // Read-only. 3659 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 3660 // +optional 3661 optional PodStatus status = 2; 3662} 3663 3664// PodTemplate describes a template for creating copies of a predefined pod. 3665message PodTemplate { 3666 // Standard object's metadata. 3667 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 3668 // +optional 3669 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3670 3671 // Template defines the pods that will be created from this pod template. 3672 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 3673 // +optional 3674 optional PodTemplateSpec template = 2; 3675} 3676 3677// PodTemplateList is a list of PodTemplates. 3678message PodTemplateList { 3679 // Standard list metadata. 3680 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 3681 // +optional 3682 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 3683 3684 // List of pod templates 3685 repeated PodTemplate items = 2; 3686} 3687 3688// PodTemplateSpec describes the data a pod should have when created from a template 3689message PodTemplateSpec { 3690 // Standard object's metadata. 3691 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 3692 // +optional 3693 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3694 3695 // Specification of the desired behavior of the pod. 3696 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 3697 // +optional 3698 optional PodSpec spec = 2; 3699} 3700 3701// PortworxVolumeSource represents a Portworx volume resource. 3702message PortworxVolumeSource { 3703 // VolumeID uniquely identifies a Portworx volume 3704 optional string volumeID = 1; 3705 3706 // FSType represents the filesystem type to mount 3707 // Must be a filesystem type supported by the host operating system. 3708 // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 3709 optional string fsType = 2; 3710 3711 // Defaults to false (read/write). ReadOnly here will force 3712 // the ReadOnly setting in VolumeMounts. 3713 // +optional 3714 optional bool readOnly = 3; 3715} 3716 3717// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. 3718// +k8s:openapi-gen=false 3719message Preconditions { 3720 // Specifies the target UID. 3721 // +optional 3722 optional string uid = 1; 3723} 3724 3725// Describes a class of pods that should avoid this node. 3726message PreferAvoidPodsEntry { 3727 // The class of pods. 3728 optional PodSignature podSignature = 1; 3729 3730 // Time at which this entry was added to the list. 3731 // +optional 3732 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time evictionTime = 2; 3733 3734 // (brief) reason why this entry was added to the list. 3735 // +optional 3736 optional string reason = 3; 3737 3738 // Human readable message indicating why this entry was added to the list. 3739 // +optional 3740 optional string message = 4; 3741} 3742 3743// An empty preferred scheduling term matches all objects with implicit weight 0 3744// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 3745message PreferredSchedulingTerm { 3746 // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 3747 optional int32 weight = 1; 3748 3749 // A node selector term, associated with the corresponding weight. 3750 optional NodeSelectorTerm preference = 2; 3751} 3752 3753// Probe describes a health check to be performed against a container to determine whether it is 3754// alive or ready to receive traffic. 3755message Probe { 3756 // The action taken to determine the health of a container 3757 optional Handler handler = 1; 3758 3759 // Number of seconds after the container has started before liveness probes are initiated. 3760 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3761 // +optional 3762 optional int32 initialDelaySeconds = 2; 3763 3764 // Number of seconds after which the probe times out. 3765 // Defaults to 1 second. Minimum value is 1. 3766 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3767 // +optional 3768 optional int32 timeoutSeconds = 3; 3769 3770 // How often (in seconds) to perform the probe. 3771 // Default to 10 seconds. Minimum value is 1. 3772 // +optional 3773 optional int32 periodSeconds = 4; 3774 3775 // Minimum consecutive successes for the probe to be considered successful after having failed. 3776 // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3777 // +optional 3778 optional int32 successThreshold = 5; 3779 3780 // Minimum consecutive failures for the probe to be considered failed after having succeeded. 3781 // Defaults to 3. Minimum value is 1. 3782 // +optional 3783 optional int32 failureThreshold = 6; 3784} 3785 3786// Represents a projected volume source 3787message ProjectedVolumeSource { 3788 // list of volume projections 3789 repeated VolumeProjection sources = 1; 3790 3791 // Mode bits to use on created files by default. Must be a value between 3792 // 0 and 0777. 3793 // Directories within the path are not affected by this setting. 3794 // This might be in conflict with other options that affect the file 3795 // mode, like fsGroup, and the result can be other mode bits set. 3796 // +optional 3797 optional int32 defaultMode = 2; 3798} 3799 3800// Represents a Quobyte mount that lasts the lifetime of a pod. 3801// Quobyte volumes do not support ownership management or SELinux relabeling. 3802message QuobyteVolumeSource { 3803 // Registry represents a single or multiple Quobyte Registry services 3804 // specified as a string as host:port pair (multiple entries are separated with commas) 3805 // which acts as the central registry for volumes 3806 optional string registry = 1; 3807 3808 // Volume is a string that references an already created Quobyte volume by name. 3809 optional string volume = 2; 3810 3811 // ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. 3812 // Defaults to false. 3813 // +optional 3814 optional bool readOnly = 3; 3815 3816 // User to map volume access to 3817 // Defaults to serivceaccount user 3818 // +optional 3819 optional string user = 4; 3820 3821 // Group to map volume access to 3822 // Default is no group 3823 // +optional 3824 optional string group = 5; 3825 3826 // Tenant owning the given Quobyte volume in the Backend 3827 // Used with dynamically provisioned Quobyte volumes, value is set by the plugin 3828 // +optional 3829 optional string tenant = 6; 3830} 3831 3832// Represents a Rados Block Device mount that lasts the lifetime of a pod. 3833// RBD volumes support ownership management and SELinux relabeling. 3834message RBDPersistentVolumeSource { 3835 // A collection of Ceph monitors. 3836 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3837 repeated string monitors = 1; 3838 3839 // The rados image name. 3840 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3841 optional string image = 2; 3842 3843 // Filesystem type of the volume that you want to mount. 3844 // Tip: Ensure that the filesystem type is supported by the host operating system. 3845 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3846 // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 3847 // TODO: how do we prevent errors in the filesystem from compromising the machine 3848 // +optional 3849 optional string fsType = 3; 3850 3851 // The rados pool name. 3852 // Default is rbd. 3853 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3854 // +optional 3855 optional string pool = 4; 3856 3857 // The rados user name. 3858 // Default is admin. 3859 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3860 // +optional 3861 optional string user = 5; 3862 3863 // Keyring is the path to key ring for RBDUser. 3864 // Default is /etc/ceph/keyring. 3865 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3866 // +optional 3867 optional string keyring = 6; 3868 3869 // SecretRef is name of the authentication secret for RBDUser. If provided 3870 // overrides keyring. 3871 // Default is nil. 3872 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3873 // +optional 3874 optional SecretReference secretRef = 7; 3875 3876 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 3877 // Defaults to false. 3878 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3879 // +optional 3880 optional bool readOnly = 8; 3881} 3882 3883// Represents a Rados Block Device mount that lasts the lifetime of a pod. 3884// RBD volumes support ownership management and SELinux relabeling. 3885message RBDVolumeSource { 3886 // A collection of Ceph monitors. 3887 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3888 repeated string monitors = 1; 3889 3890 // The rados image name. 3891 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3892 optional string image = 2; 3893 3894 // Filesystem type of the volume that you want to mount. 3895 // Tip: Ensure that the filesystem type is supported by the host operating system. 3896 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3897 // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 3898 // TODO: how do we prevent errors in the filesystem from compromising the machine 3899 // +optional 3900 optional string fsType = 3; 3901 3902 // The rados pool name. 3903 // Default is rbd. 3904 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3905 // +optional 3906 optional string pool = 4; 3907 3908 // The rados user name. 3909 // Default is admin. 3910 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3911 // +optional 3912 optional string user = 5; 3913 3914 // Keyring is the path to key ring for RBDUser. 3915 // Default is /etc/ceph/keyring. 3916 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3917 // +optional 3918 optional string keyring = 6; 3919 3920 // SecretRef is name of the authentication secret for RBDUser. If provided 3921 // overrides keyring. 3922 // Default is nil. 3923 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3924 // +optional 3925 optional LocalObjectReference secretRef = 7; 3926 3927 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 3928 // Defaults to false. 3929 // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 3930 // +optional 3931 optional bool readOnly = 8; 3932} 3933 3934// RangeAllocation is not a public type. 3935message RangeAllocation { 3936 // Standard object's metadata. 3937 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 3938 // +optional 3939 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3940 3941 // Range is string that identifies the range represented by 'data'. 3942 optional string range = 2; 3943 3944 // Data is a bit array containing all allocated addresses in the previous segment. 3945 optional bytes data = 3; 3946} 3947 3948// ReplicationController represents the configuration of a replication controller. 3949message ReplicationController { 3950 // If the Labels of a ReplicationController are empty, they are defaulted to 3951 // be the same as the Pod(s) that the replication controller manages. 3952 // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 3953 // +optional 3954 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3955 3956 // Spec defines the specification of the desired behavior of the replication controller. 3957 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 3958 // +optional 3959 optional ReplicationControllerSpec spec = 2; 3960 3961 // Status is the most recently observed status of the replication controller. 3962 // This data may be out of date by some window of time. 3963 // Populated by the system. 3964 // Read-only. 3965 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 3966 // +optional 3967 optional ReplicationControllerStatus status = 3; 3968} 3969 3970// ReplicationControllerCondition describes the state of a replication controller at a certain point. 3971message ReplicationControllerCondition { 3972 // Type of replication controller condition. 3973 optional string type = 1; 3974 3975 // Status of the condition, one of True, False, Unknown. 3976 optional string status = 2; 3977 3978 // The last time the condition transitioned from one status to another. 3979 // +optional 3980 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; 3981 3982 // The reason for the condition's last transition. 3983 // +optional 3984 optional string reason = 4; 3985 3986 // A human readable message indicating details about the transition. 3987 // +optional 3988 optional string message = 5; 3989} 3990 3991// ReplicationControllerList is a collection of replication controllers. 3992message ReplicationControllerList { 3993 // Standard list metadata. 3994 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 3995 // +optional 3996 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 3997 3998 // List of replication controllers. 3999 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller 4000 repeated ReplicationController items = 2; 4001} 4002 4003// ReplicationControllerSpec is the specification of a replication controller. 4004message ReplicationControllerSpec { 4005 // Replicas is the number of desired replicas. 4006 // This is a pointer to distinguish between explicit zero and unspecified. 4007 // Defaults to 1. 4008 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller 4009 // +optional 4010 optional int32 replicas = 1; 4011 4012 // Minimum number of seconds for which a newly created pod should be ready 4013 // without any of its container crashing, for it to be considered available. 4014 // Defaults to 0 (pod will be considered available as soon as it is ready) 4015 // +optional 4016 optional int32 minReadySeconds = 4; 4017 4018 // Selector is a label query over pods that should match the Replicas count. 4019 // If Selector is empty, it is defaulted to the labels present on the Pod template. 4020 // Label keys and values that must match in order to be controlled by this replication 4021 // controller, if empty defaulted to labels on Pod template. 4022 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors 4023 // +optional 4024 map<string, string> selector = 2; 4025 4026 // Template is the object that describes the pod that will be created if 4027 // insufficient replicas are detected. This takes precedence over a TemplateRef. 4028 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template 4029 // +optional 4030 optional PodTemplateSpec template = 3; 4031} 4032 4033// ReplicationControllerStatus represents the current status of a replication 4034// controller. 4035message ReplicationControllerStatus { 4036 // Replicas is the most recently oberved number of replicas. 4037 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller 4038 optional int32 replicas = 1; 4039 4040 // The number of pods that have labels matching the labels of the pod template of the replication controller. 4041 // +optional 4042 optional int32 fullyLabeledReplicas = 2; 4043 4044 // The number of ready replicas for this replication controller. 4045 // +optional 4046 optional int32 readyReplicas = 4; 4047 4048 // The number of available replicas (ready for at least minReadySeconds) for this replication controller. 4049 // +optional 4050 optional int32 availableReplicas = 5; 4051 4052 // ObservedGeneration reflects the generation of the most recently observed replication controller. 4053 // +optional 4054 optional int64 observedGeneration = 3; 4055 4056 // Represents the latest available observations of a replication controller's current state. 4057 // +optional 4058 // +patchMergeKey=type 4059 // +patchStrategy=merge 4060 repeated ReplicationControllerCondition conditions = 6; 4061} 4062 4063// ResourceFieldSelector represents container resources (cpu, memory) and their output format 4064message ResourceFieldSelector { 4065 // Container name: required for volumes, optional for env vars 4066 // +optional 4067 optional string containerName = 1; 4068 4069 // Required: resource to select 4070 optional string resource = 2; 4071 4072 // Specifies the output format of the exposed resources, defaults to "1" 4073 // +optional 4074 optional k8s.io.apimachinery.pkg.api.resource.Quantity divisor = 3; 4075} 4076 4077// ResourceQuota sets aggregate quota restrictions enforced per namespace 4078message ResourceQuota { 4079 // Standard object's metadata. 4080 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 4081 // +optional 4082 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 4083 4084 // Spec defines the desired quota. 4085 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 4086 // +optional 4087 optional ResourceQuotaSpec spec = 2; 4088 4089 // Status defines the actual enforced quota and its current usage. 4090 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 4091 // +optional 4092 optional ResourceQuotaStatus status = 3; 4093} 4094 4095// ResourceQuotaList is a list of ResourceQuota items. 4096message ResourceQuotaList { 4097 // Standard list metadata. 4098 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 4099 // +optional 4100 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 4101 4102 // Items is a list of ResourceQuota objects. 4103 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ 4104 repeated ResourceQuota items = 2; 4105} 4106 4107// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. 4108message ResourceQuotaSpec { 4109 // hard is the set of desired hard limits for each named resource. 4110 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ 4111 // +optional 4112 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> hard = 1; 4113 4114 // A collection of filters that must match each object tracked by a quota. 4115 // If not specified, the quota matches all objects. 4116 // +optional 4117 repeated string scopes = 2; 4118 4119 // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota 4120 // but expressed using ScopeSelectorOperator in combination with possible values. 4121 // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. 4122 // +optional 4123 optional ScopeSelector scopeSelector = 3; 4124} 4125 4126// ResourceQuotaStatus defines the enforced hard limits and observed use. 4127message ResourceQuotaStatus { 4128 // Hard is the set of enforced hard limits for each named resource. 4129 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ 4130 // +optional 4131 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> hard = 1; 4132 4133 // Used is the current observed total usage of the resource in the namespace. 4134 // +optional 4135 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> used = 2; 4136} 4137 4138// ResourceRequirements describes the compute resource requirements. 4139message ResourceRequirements { 4140 // Limits describes the maximum amount of compute resources allowed. 4141 // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ 4142 // +optional 4143 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> limits = 1; 4144 4145 // Requests describes the minimum amount of compute resources required. 4146 // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 4147 // otherwise to an implementation-defined value. 4148 // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ 4149 // +optional 4150 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> requests = 2; 4151} 4152 4153// SELinuxOptions are the labels to be applied to the container 4154message SELinuxOptions { 4155 // User is a SELinux user label that applies to the container. 4156 // +optional 4157 optional string user = 1; 4158 4159 // Role is a SELinux role label that applies to the container. 4160 // +optional 4161 optional string role = 2; 4162 4163 // Type is a SELinux type label that applies to the container. 4164 // +optional 4165 optional string type = 3; 4166 4167 // Level is SELinux level label that applies to the container. 4168 // +optional 4169 optional string level = 4; 4170} 4171 4172// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume 4173message ScaleIOPersistentVolumeSource { 4174 // The host address of the ScaleIO API Gateway. 4175 optional string gateway = 1; 4176 4177 // The name of the storage system as configured in ScaleIO. 4178 optional string system = 2; 4179 4180 // SecretRef references to the secret for ScaleIO user and other 4181 // sensitive information. If this is not provided, Login operation will fail. 4182 optional SecretReference secretRef = 3; 4183 4184 // Flag to enable/disable SSL communication with Gateway, default false 4185 // +optional 4186 optional bool sslEnabled = 4; 4187 4188 // The name of the ScaleIO Protection Domain for the configured storage. 4189 // +optional 4190 optional string protectionDomain = 5; 4191 4192 // The ScaleIO Storage Pool associated with the protection domain. 4193 // +optional 4194 optional string storagePool = 6; 4195 4196 // Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. 4197 // Default is ThinProvisioned. 4198 // +optional 4199 optional string storageMode = 7; 4200 4201 // The name of a volume already created in the ScaleIO system 4202 // that is associated with this volume source. 4203 optional string volumeName = 8; 4204 4205 // Filesystem type to mount. 4206 // Must be a filesystem type supported by the host operating system. 4207 // Ex. "ext4", "xfs", "ntfs". 4208 // Default is "xfs" 4209 // +optional 4210 optional string fsType = 9; 4211 4212 // Defaults to false (read/write). ReadOnly here will force 4213 // the ReadOnly setting in VolumeMounts. 4214 // +optional 4215 optional bool readOnly = 10; 4216} 4217 4218// ScaleIOVolumeSource represents a persistent ScaleIO volume 4219message ScaleIOVolumeSource { 4220 // The host address of the ScaleIO API Gateway. 4221 optional string gateway = 1; 4222 4223 // The name of the storage system as configured in ScaleIO. 4224 optional string system = 2; 4225 4226 // SecretRef references to the secret for ScaleIO user and other 4227 // sensitive information. If this is not provided, Login operation will fail. 4228 optional LocalObjectReference secretRef = 3; 4229 4230 // Flag to enable/disable SSL communication with Gateway, default false 4231 // +optional 4232 optional bool sslEnabled = 4; 4233 4234 // The name of the ScaleIO Protection Domain for the configured storage. 4235 // +optional 4236 optional string protectionDomain = 5; 4237 4238 // The ScaleIO Storage Pool associated with the protection domain. 4239 // +optional 4240 optional string storagePool = 6; 4241 4242 // Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. 4243 // Default is ThinProvisioned. 4244 // +optional 4245 optional string storageMode = 7; 4246 4247 // The name of a volume already created in the ScaleIO system 4248 // that is associated with this volume source. 4249 optional string volumeName = 8; 4250 4251 // Filesystem type to mount. 4252 // Must be a filesystem type supported by the host operating system. 4253 // Ex. "ext4", "xfs", "ntfs". 4254 // Default is "xfs". 4255 // +optional 4256 optional string fsType = 9; 4257 4258 // Defaults to false (read/write). ReadOnly here will force 4259 // the ReadOnly setting in VolumeMounts. 4260 // +optional 4261 optional bool readOnly = 10; 4262} 4263 4264// A scope selector represents the AND of the selectors represented 4265// by the scoped-resource selector requirements. 4266message ScopeSelector { 4267 // A list of scope selector requirements by scope of the resources. 4268 // +optional 4269 repeated ScopedResourceSelectorRequirement matchExpressions = 1; 4270} 4271 4272// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator 4273// that relates the scope name and values. 4274message ScopedResourceSelectorRequirement { 4275 // The name of the scope that the selector applies to. 4276 optional string scopeName = 1; 4277 4278 // Represents a scope's relationship to a set of values. 4279 // Valid operators are In, NotIn, Exists, DoesNotExist. 4280 optional string operator = 2; 4281 4282 // An array of string values. If the operator is In or NotIn, 4283 // the values array must be non-empty. If the operator is Exists or DoesNotExist, 4284 // the values array must be empty. 4285 // This array is replaced during a strategic merge patch. 4286 // +optional 4287 repeated string values = 3; 4288} 4289 4290// Secret holds secret data of a certain type. The total bytes of the values in 4291// the Data field must be less than MaxSecretSize bytes. 4292message Secret { 4293 // Standard object's metadata. 4294 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 4295 // +optional 4296 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 4297 4298 // Immutable, if set to true, ensures that data stored in the Secret cannot 4299 // be updated (only object metadata can be modified). 4300 // If not set to true, the field can be modified at any time. 4301 // Defaulted to nil. 4302 // This is an alpha field enabled by ImmutableEphemeralVolumes feature gate. 4303 // +optional 4304 optional bool immutable = 5; 4305 4306 // Data contains the secret data. Each key must consist of alphanumeric 4307 // characters, '-', '_' or '.'. The serialized form of the secret data is a 4308 // base64 encoded string, representing the arbitrary (possibly non-string) 4309 // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 4310 // +optional 4311 map<string, bytes> data = 2; 4312 4313 // stringData allows specifying non-binary secret data in string form. 4314 // It is provided as a write-only convenience method. 4315 // All keys and values are merged into the data field on write, overwriting any existing values. 4316 // It is never output when reading from the API. 4317 // +k8s:conversion-gen=false 4318 // +optional 4319 map<string, string> stringData = 4; 4320 4321 // Used to facilitate programmatic handling of secret data. 4322 // +optional 4323 optional string type = 3; 4324} 4325 4326// SecretEnvSource selects a Secret to populate the environment 4327// variables with. 4328// 4329// The contents of the target Secret's Data field will represent the 4330// key-value pairs as environment variables. 4331message SecretEnvSource { 4332 // The Secret to select from. 4333 optional LocalObjectReference localObjectReference = 1; 4334 4335 // Specify whether the Secret must be defined 4336 // +optional 4337 optional bool optional = 2; 4338} 4339 4340// SecretKeySelector selects a key of a Secret. 4341message SecretKeySelector { 4342 // The name of the secret in the pod's namespace to select from. 4343 optional LocalObjectReference localObjectReference = 1; 4344 4345 // The key of the secret to select from. Must be a valid secret key. 4346 optional string key = 2; 4347 4348 // Specify whether the Secret or its key must be defined 4349 // +optional 4350 optional bool optional = 3; 4351} 4352 4353// SecretList is a list of Secret. 4354message SecretList { 4355 // Standard list metadata. 4356 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 4357 // +optional 4358 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 4359 4360 // Items is a list of secret objects. 4361 // More info: https://kubernetes.io/docs/concepts/configuration/secret 4362 repeated Secret items = 2; 4363} 4364 4365// Adapts a secret into a projected volume. 4366// 4367// The contents of the target Secret's Data field will be presented in a 4368// projected volume as files using the keys in the Data field as the file names. 4369// Note that this is identical to a secret volume source without the default 4370// mode. 4371message SecretProjection { 4372 optional LocalObjectReference localObjectReference = 1; 4373 4374 // If unspecified, each key-value pair in the Data field of the referenced 4375 // Secret will be projected into the volume as a file whose name is the 4376 // key and content is the value. If specified, the listed keys will be 4377 // projected into the specified paths, and unlisted keys will not be 4378 // present. If a key is specified which is not present in the Secret, 4379 // the volume setup will error unless it is marked optional. Paths must be 4380 // relative and may not contain the '..' path or start with '..'. 4381 // +optional 4382 repeated KeyToPath items = 2; 4383 4384 // Specify whether the Secret or its key must be defined 4385 // +optional 4386 optional bool optional = 4; 4387} 4388 4389// SecretReference represents a Secret Reference. It has enough information to retrieve secret 4390// in any namespace 4391message SecretReference { 4392 // Name is unique within a namespace to reference a secret resource. 4393 // +optional 4394 optional string name = 1; 4395 4396 // Namespace defines the space within which the secret name must be unique. 4397 // +optional 4398 optional string namespace = 2; 4399} 4400 4401// Adapts a Secret into a volume. 4402// 4403// The contents of the target Secret's Data field will be presented in a volume 4404// as files using the keys in the Data field as the file names. 4405// Secret volumes support ownership management and SELinux relabeling. 4406message SecretVolumeSource { 4407 // Name of the secret in the pod's namespace to use. 4408 // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 4409 // +optional 4410 optional string secretName = 1; 4411 4412 // If unspecified, each key-value pair in the Data field of the referenced 4413 // Secret will be projected into the volume as a file whose name is the 4414 // key and content is the value. If specified, the listed keys will be 4415 // projected into the specified paths, and unlisted keys will not be 4416 // present. If a key is specified which is not present in the Secret, 4417 // the volume setup will error unless it is marked optional. Paths must be 4418 // relative and may not contain the '..' path or start with '..'. 4419 // +optional 4420 repeated KeyToPath items = 2; 4421 4422 // Optional: mode bits to use on created files by default. Must be a 4423 // value between 0 and 0777. Defaults to 0644. 4424 // Directories within the path are not affected by this setting. 4425 // This might be in conflict with other options that affect the file 4426 // mode, like fsGroup, and the result can be other mode bits set. 4427 // +optional 4428 optional int32 defaultMode = 3; 4429 4430 // Specify whether the Secret or its keys must be defined 4431 // +optional 4432 optional bool optional = 4; 4433} 4434 4435// SecurityContext holds security configuration that will be applied to a container. 4436// Some fields are present in both SecurityContext and PodSecurityContext. When both 4437// are set, the values in SecurityContext take precedence. 4438message SecurityContext { 4439 // The capabilities to add/drop when running containers. 4440 // Defaults to the default set of capabilities granted by the container runtime. 4441 // +optional 4442 optional Capabilities capabilities = 1; 4443 4444 // Run container in privileged mode. 4445 // Processes in privileged containers are essentially equivalent to root on the host. 4446 // Defaults to false. 4447 // +optional 4448 optional bool privileged = 2; 4449 4450 // The SELinux context to be applied to the container. 4451 // If unspecified, the container runtime will allocate a random SELinux context for each 4452 // container. May also be set in PodSecurityContext. If set in both SecurityContext and 4453 // PodSecurityContext, the value specified in SecurityContext takes precedence. 4454 // +optional 4455 optional SELinuxOptions seLinuxOptions = 3; 4456 4457 // The Windows specific settings applied to all containers. 4458 // If unspecified, the options from the PodSecurityContext will be used. 4459 // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 4460 // +optional 4461 optional WindowsSecurityContextOptions windowsOptions = 10; 4462 4463 // The UID to run the entrypoint of the container process. 4464 // Defaults to user specified in image metadata if unspecified. 4465 // May also be set in PodSecurityContext. If set in both SecurityContext and 4466 // PodSecurityContext, the value specified in SecurityContext takes precedence. 4467 // +optional 4468 optional int64 runAsUser = 4; 4469 4470 // The GID to run the entrypoint of the container process. 4471 // Uses runtime default if unset. 4472 // May also be set in PodSecurityContext. If set in both SecurityContext and 4473 // PodSecurityContext, the value specified in SecurityContext takes precedence. 4474 // +optional 4475 optional int64 runAsGroup = 8; 4476 4477 // Indicates that the container must run as a non-root user. 4478 // If true, the Kubelet will validate the image at runtime to ensure that it 4479 // does not run as UID 0 (root) and fail to start the container if it does. 4480 // If unset or false, no such validation will be performed. 4481 // May also be set in PodSecurityContext. If set in both SecurityContext and 4482 // PodSecurityContext, the value specified in SecurityContext takes precedence. 4483 // +optional 4484 optional bool runAsNonRoot = 5; 4485 4486 // Whether this container has a read-only root filesystem. 4487 // Default is false. 4488 // +optional 4489 optional bool readOnlyRootFilesystem = 6; 4490 4491 // AllowPrivilegeEscalation controls whether a process can gain more 4492 // privileges than its parent process. This bool directly controls if 4493 // the no_new_privs flag will be set on the container process. 4494 // AllowPrivilegeEscalation is true always when the container is: 4495 // 1) run as Privileged 4496 // 2) has CAP_SYS_ADMIN 4497 // +optional 4498 optional bool allowPrivilegeEscalation = 7; 4499 4500 // procMount denotes the type of proc mount to use for the containers. 4501 // The default is DefaultProcMount which uses the container runtime defaults for 4502 // readonly paths and masked paths. 4503 // This requires the ProcMountType feature flag to be enabled. 4504 // +optional 4505 optional string procMount = 9; 4506} 4507 4508// SerializedReference is a reference to serialized object. 4509message SerializedReference { 4510 // The reference to an object in the system. 4511 // +optional 4512 optional ObjectReference reference = 1; 4513} 4514 4515// Service is a named abstraction of software service (for example, mysql) consisting of local port 4516// (for example 3306) that the proxy listens on, and the selector that determines which pods 4517// will answer requests sent through the proxy. 4518message Service { 4519 // Standard object's metadata. 4520 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 4521 // +optional 4522 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 4523 4524 // Spec defines the behavior of a service. 4525 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 4526 // +optional 4527 optional ServiceSpec spec = 2; 4528 4529 // Most recently observed status of the service. 4530 // Populated by the system. 4531 // Read-only. 4532 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 4533 // +optional 4534 optional ServiceStatus status = 3; 4535} 4536 4537// ServiceAccount binds together: 4538// * a name, understood by users, and perhaps by peripheral systems, for an identity 4539// * a principal that can be authenticated and authorized 4540// * a set of secrets 4541message ServiceAccount { 4542 // Standard object's metadata. 4543 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 4544 // +optional 4545 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 4546 4547 // Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. 4548 // More info: https://kubernetes.io/docs/concepts/configuration/secret 4549 // +optional 4550 // +patchMergeKey=name 4551 // +patchStrategy=merge 4552 repeated ObjectReference secrets = 2; 4553 4554 // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images 4555 // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets 4556 // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. 4557 // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod 4558 // +optional 4559 repeated LocalObjectReference imagePullSecrets = 3; 4560 4561 // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. 4562 // Can be overridden at the pod level. 4563 // +optional 4564 optional bool automountServiceAccountToken = 4; 4565} 4566 4567// ServiceAccountList is a list of ServiceAccount objects 4568message ServiceAccountList { 4569 // Standard list metadata. 4570 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 4571 // +optional 4572 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 4573 4574 // List of ServiceAccounts. 4575 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 4576 repeated ServiceAccount items = 2; 4577} 4578 4579// ServiceAccountTokenProjection represents a projected service account token 4580// volume. This projection can be used to insert a service account token into 4581// the pods runtime filesystem for use against APIs (Kubernetes API Server or 4582// otherwise). 4583message ServiceAccountTokenProjection { 4584 // Audience is the intended audience of the token. A recipient of a token 4585 // must identify itself with an identifier specified in the audience of the 4586 // token, and otherwise should reject the token. The audience defaults to the 4587 // identifier of the apiserver. 4588 // +optional 4589 optional string audience = 1; 4590 4591 // ExpirationSeconds is the requested duration of validity of the service 4592 // account token. As the token approaches expiration, the kubelet volume 4593 // plugin will proactively rotate the service account token. The kubelet will 4594 // start trying to rotate the token if the token is older than 80 percent of 4595 // its time to live or if the token is older than 24 hours.Defaults to 1 hour 4596 // and must be at least 10 minutes. 4597 // +optional 4598 optional int64 expirationSeconds = 2; 4599 4600 // Path is the path relative to the mount point of the file to project the 4601 // token into. 4602 optional string path = 3; 4603} 4604 4605// ServiceList holds a list of services. 4606message ServiceList { 4607 // Standard list metadata. 4608 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 4609 // +optional 4610 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 4611 4612 // List of services 4613 repeated Service items = 2; 4614} 4615 4616// ServicePort contains information on service's port. 4617message ServicePort { 4618 // The name of this port within the service. This must be a DNS_LABEL. 4619 // All ports within a ServiceSpec must have unique names. When considering 4620 // the endpoints for a Service, this must match the 'name' field in the 4621 // EndpointPort. 4622 // Optional if only one ServicePort is defined on this service. 4623 // +optional 4624 optional string name = 1; 4625 4626 // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". 4627 // Default is TCP. 4628 // +optional 4629 optional string protocol = 2; 4630 4631 // The application protocol for this port. 4632 // This field follows standard Kubernetes label syntax. 4633 // Un-prefixed names are reserved for IANA standard service names (as per 4634 // RFC-6335 and http://www.iana.org/assignments/service-names). 4635 // Non-standard protocols should use prefixed names such as 4636 // mycompany.com/my-custom-protocol. 4637 // Field can be enabled with ServiceAppProtocol feature gate. 4638 // +optional 4639 optional string appProtocol = 6; 4640 4641 // The port that will be exposed by this service. 4642 optional int32 port = 3; 4643 4644 // Number or name of the port to access on the pods targeted by the service. 4645 // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 4646 // If this is a string, it will be looked up as a named port in the 4647 // target Pod's container ports. If this is not specified, the value 4648 // of the 'port' field is used (an identity map). 4649 // This field is ignored for services with clusterIP=None, and should be 4650 // omitted or set equal to the 'port' field. 4651 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service 4652 // +optional 4653 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString targetPort = 4; 4654 4655 // The port on each node on which this service is exposed when type=NodePort or LoadBalancer. 4656 // Usually assigned by the system. If specified, it will be allocated to the service 4657 // if unused or else creation of the service will fail. 4658 // Default is to auto-allocate a port if the ServiceType of this Service requires one. 4659 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport 4660 // +optional 4661 optional int32 nodePort = 5; 4662} 4663 4664// ServiceProxyOptions is the query options to a Service's proxy call. 4665message ServiceProxyOptions { 4666 // Path is the part of URLs that include service endpoints, suffixes, 4667 // and parameters to use for the current proxy request to service. 4668 // For example, the whole request URL is 4669 // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. 4670 // Path is _search?q=user:kimchy. 4671 // +optional 4672 optional string path = 1; 4673} 4674 4675// ServiceSpec describes the attributes that a user creates on a service. 4676message ServiceSpec { 4677 // The list of ports that are exposed by this service. 4678 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies 4679 // +patchMergeKey=port 4680 // +patchStrategy=merge 4681 // +listType=map 4682 // +listMapKey=port 4683 // +listMapKey=protocol 4684 repeated ServicePort ports = 1; 4685 4686 // Route service traffic to pods with label keys and values matching this 4687 // selector. If empty or not present, the service is assumed to have an 4688 // external process managing its endpoints, which Kubernetes will not 4689 // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. 4690 // Ignored if type is ExternalName. 4691 // More info: https://kubernetes.io/docs/concepts/services-networking/service/ 4692 // +optional 4693 map<string, string> selector = 2; 4694 4695 // clusterIP is the IP address of the service and is usually assigned 4696 // randomly by the master. If an address is specified manually and is not in 4697 // use by others, it will be allocated to the service; otherwise, creation 4698 // of the service will fail. This field can not be changed through updates. 4699 // Valid values are "None", empty string (""), or a valid IP address. "None" 4700 // can be specified for headless services when proxying is not required. 4701 // Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if 4702 // type is ExternalName. 4703 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies 4704 // +optional 4705 optional string clusterIP = 3; 4706 4707 // type determines how the Service is exposed. Defaults to ClusterIP. Valid 4708 // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. 4709 // "ExternalName" maps to the specified externalName. 4710 // "ClusterIP" allocates a cluster-internal IP address for load-balancing to 4711 // endpoints. Endpoints are determined by the selector or if that is not 4712 // specified, by manual construction of an Endpoints object. If clusterIP is 4713 // "None", no virtual IP is allocated and the endpoints are published as a 4714 // set of endpoints rather than a stable IP. 4715 // "NodePort" builds on ClusterIP and allocates a port on every node which 4716 // routes to the clusterIP. 4717 // "LoadBalancer" builds on NodePort and creates an 4718 // external load-balancer (if supported in the current cloud) which routes 4719 // to the clusterIP. 4720 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types 4721 // +optional 4722 optional string type = 4; 4723 4724 // externalIPs is a list of IP addresses for which nodes in the cluster 4725 // will also accept traffic for this service. These IPs are not managed by 4726 // Kubernetes. The user is responsible for ensuring that traffic arrives 4727 // at a node with this IP. A common example is external load-balancers 4728 // that are not part of the Kubernetes system. 4729 // +optional 4730 repeated string externalIPs = 5; 4731 4732 // Supports "ClientIP" and "None". Used to maintain session affinity. 4733 // Enable client IP based session affinity. 4734 // Must be ClientIP or None. 4735 // Defaults to None. 4736 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies 4737 // +optional 4738 optional string sessionAffinity = 7; 4739 4740 // Only applies to Service Type: LoadBalancer 4741 // LoadBalancer will get created with the IP specified in this field. 4742 // This feature depends on whether the underlying cloud-provider supports specifying 4743 // the loadBalancerIP when a load balancer is created. 4744 // This field will be ignored if the cloud-provider does not support the feature. 4745 // +optional 4746 optional string loadBalancerIP = 8; 4747 4748 // If specified and supported by the platform, this will restrict traffic through the cloud-provider 4749 // load-balancer will be restricted to the specified client IPs. This field will be ignored if the 4750 // cloud-provider does not support the feature." 4751 // More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ 4752 // +optional 4753 repeated string loadBalancerSourceRanges = 9; 4754 4755 // externalName is the external reference that kubedns or equivalent will 4756 // return as a CNAME record for this service. No proxying will be involved. 4757 // Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) 4758 // and requires Type to be ExternalName. 4759 // +optional 4760 optional string externalName = 10; 4761 4762 // externalTrafficPolicy denotes if this Service desires to route external 4763 // traffic to node-local or cluster-wide endpoints. "Local" preserves the 4764 // client source IP and avoids a second hop for LoadBalancer and Nodeport 4765 // type services, but risks potentially imbalanced traffic spreading. 4766 // "Cluster" obscures the client source IP and may cause a second hop to 4767 // another node, but should have good overall load-spreading. 4768 // +optional 4769 optional string externalTrafficPolicy = 11; 4770 4771 // healthCheckNodePort specifies the healthcheck nodePort for the service. 4772 // If not specified, HealthCheckNodePort is created by the service api 4773 // backend with the allocated nodePort. Will use user-specified nodePort value 4774 // if specified by the client. Only effects when Type is set to LoadBalancer 4775 // and ExternalTrafficPolicy is set to Local. 4776 // +optional 4777 optional int32 healthCheckNodePort = 12; 4778 4779 // publishNotReadyAddresses, when set to true, indicates that DNS implementations 4780 // must publish the notReadyAddresses of subsets for the Endpoints associated with 4781 // the Service. The default value is false. 4782 // The primary use case for setting this field is to use a StatefulSet's Headless Service 4783 // to propagate SRV records for its Pods without respect to their readiness for purpose 4784 // of peer discovery. 4785 // +optional 4786 optional bool publishNotReadyAddresses = 13; 4787 4788 // sessionAffinityConfig contains the configurations of session affinity. 4789 // +optional 4790 optional SessionAffinityConfig sessionAffinityConfig = 14; 4791 4792 // ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. 4793 // IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is 4794 // available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. 4795 // Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which 4796 // allocate external load-balancers should use the same IP family. Endpoints for this Service will be of 4797 // this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the 4798 // cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. 4799 // +optional 4800 optional string ipFamily = 15; 4801 4802 // topologyKeys is a preference-order list of topology keys which 4803 // implementations of services should use to preferentially sort endpoints 4804 // when accessing this Service, it can not be used at the same time as 4805 // externalTrafficPolicy=Local. 4806 // Topology keys must be valid label keys and at most 16 keys may be specified. 4807 // Endpoints are chosen based on the first topology key with available backends. 4808 // If this field is specified and all entries have no backends that match 4809 // the topology of the client, the service has no backends for that client 4810 // and connections should fail. 4811 // The special value "*" may be used to mean "any topology". This catch-all 4812 // value, if used, only makes sense as the last value in the list. 4813 // If this is not specified or empty, no topology constraints will be applied. 4814 // +optional 4815 repeated string topologyKeys = 16; 4816} 4817 4818// ServiceStatus represents the current status of a service. 4819message ServiceStatus { 4820 // LoadBalancer contains the current status of the load-balancer, 4821 // if one is present. 4822 // +optional 4823 optional LoadBalancerStatus loadBalancer = 1; 4824} 4825 4826// SessionAffinityConfig represents the configurations of session affinity. 4827message SessionAffinityConfig { 4828 // clientIP contains the configurations of Client IP based session affinity. 4829 // +optional 4830 optional ClientIPConfig clientIP = 1; 4831} 4832 4833// Represents a StorageOS persistent volume resource. 4834message StorageOSPersistentVolumeSource { 4835 // VolumeName is the human-readable name of the StorageOS volume. Volume 4836 // names are only unique within a namespace. 4837 optional string volumeName = 1; 4838 4839 // VolumeNamespace specifies the scope of the volume within StorageOS. If no 4840 // namespace is specified then the Pod's namespace will be used. This allows the 4841 // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 4842 // Set VolumeName to any name to override the default behaviour. 4843 // Set to "default" if you are not using namespaces within StorageOS. 4844 // Namespaces that do not pre-exist within StorageOS will be created. 4845 // +optional 4846 optional string volumeNamespace = 2; 4847 4848 // Filesystem type to mount. 4849 // Must be a filesystem type supported by the host operating system. 4850 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4851 // +optional 4852 optional string fsType = 3; 4853 4854 // Defaults to false (read/write). ReadOnly here will force 4855 // the ReadOnly setting in VolumeMounts. 4856 // +optional 4857 optional bool readOnly = 4; 4858 4859 // SecretRef specifies the secret to use for obtaining the StorageOS API 4860 // credentials. If not specified, default values will be attempted. 4861 // +optional 4862 optional ObjectReference secretRef = 5; 4863} 4864 4865// Represents a StorageOS persistent volume resource. 4866message StorageOSVolumeSource { 4867 // VolumeName is the human-readable name of the StorageOS volume. Volume 4868 // names are only unique within a namespace. 4869 optional string volumeName = 1; 4870 4871 // VolumeNamespace specifies the scope of the volume within StorageOS. If no 4872 // namespace is specified then the Pod's namespace will be used. This allows the 4873 // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 4874 // Set VolumeName to any name to override the default behaviour. 4875 // Set to "default" if you are not using namespaces within StorageOS. 4876 // Namespaces that do not pre-exist within StorageOS will be created. 4877 // +optional 4878 optional string volumeNamespace = 2; 4879 4880 // Filesystem type to mount. 4881 // Must be a filesystem type supported by the host operating system. 4882 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4883 // +optional 4884 optional string fsType = 3; 4885 4886 // Defaults to false (read/write). ReadOnly here will force 4887 // the ReadOnly setting in VolumeMounts. 4888 // +optional 4889 optional bool readOnly = 4; 4890 4891 // SecretRef specifies the secret to use for obtaining the StorageOS API 4892 // credentials. If not specified, default values will be attempted. 4893 // +optional 4894 optional LocalObjectReference secretRef = 5; 4895} 4896 4897// Sysctl defines a kernel parameter to be set 4898message Sysctl { 4899 // Name of a property to set 4900 optional string name = 1; 4901 4902 // Value of a property to set 4903 optional string value = 2; 4904} 4905 4906// TCPSocketAction describes an action based on opening a socket 4907message TCPSocketAction { 4908 // Number or name of the port to access on the container. 4909 // Number must be in the range 1 to 65535. 4910 // Name must be an IANA_SVC_NAME. 4911 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 1; 4912 4913 // Optional: Host name to connect to, defaults to the pod IP. 4914 // +optional 4915 optional string host = 2; 4916} 4917 4918// The node this Taint is attached to has the "effect" on 4919// any pod that does not tolerate the Taint. 4920message Taint { 4921 // Required. The taint key to be applied to a node. 4922 optional string key = 1; 4923 4924 // The taint value corresponding to the taint key. 4925 // +optional 4926 optional string value = 2; 4927 4928 // Required. The effect of the taint on pods 4929 // that do not tolerate the taint. 4930 // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 4931 optional string effect = 3; 4932 4933 // TimeAdded represents the time at which the taint was added. 4934 // It is only written for NoExecute taints. 4935 // +optional 4936 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time timeAdded = 4; 4937} 4938 4939// The pod this Toleration is attached to tolerates any taint that matches 4940// the triple <key,value,effect> using the matching operator <operator>. 4941message Toleration { 4942 // Key is the taint key that the toleration applies to. Empty means match all taint keys. 4943 // If the key is empty, operator must be Exists; this combination means to match all values and all keys. 4944 // +optional 4945 optional string key = 1; 4946 4947 // Operator represents a key's relationship to the value. 4948 // Valid operators are Exists and Equal. Defaults to Equal. 4949 // Exists is equivalent to wildcard for value, so that a pod can 4950 // tolerate all taints of a particular category. 4951 // +optional 4952 optional string operator = 2; 4953 4954 // Value is the taint value the toleration matches to. 4955 // If the operator is Exists, the value should be empty, otherwise just a regular string. 4956 // +optional 4957 optional string value = 3; 4958 4959 // Effect indicates the taint effect to match. Empty means match all taint effects. 4960 // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 4961 // +optional 4962 optional string effect = 4; 4963 4964 // TolerationSeconds represents the period of time the toleration (which must be 4965 // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 4966 // it is not set, which means tolerate the taint forever (do not evict). Zero and 4967 // negative values will be treated as 0 (evict immediately) by the system. 4968 // +optional 4969 optional int64 tolerationSeconds = 5; 4970} 4971 4972// A topology selector requirement is a selector that matches given label. 4973// This is an alpha feature and may change in the future. 4974message TopologySelectorLabelRequirement { 4975 // The label key that the selector applies to. 4976 optional string key = 1; 4977 4978 // An array of string values. One value must match the label to be selected. 4979 // Each entry in Values is ORed. 4980 repeated string values = 2; 4981} 4982 4983// A topology selector term represents the result of label queries. 4984// A null or empty topology selector term matches no objects. 4985// The requirements of them are ANDed. 4986// It provides a subset of functionality as NodeSelectorTerm. 4987// This is an alpha feature and may change in the future. 4988message TopologySelectorTerm { 4989 // A list of topology selector requirements by labels. 4990 // +optional 4991 repeated TopologySelectorLabelRequirement matchLabelExpressions = 1; 4992} 4993 4994// TopologySpreadConstraint specifies how to spread matching pods among the given topology. 4995message TopologySpreadConstraint { 4996 // MaxSkew describes the degree to which pods may be unevenly distributed. 4997 // It's the maximum permitted difference between the number of matching pods in 4998 // any two topology domains of a given topology type. 4999 // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same 5000 // labelSelector spread as 1/1/0: 5001 // +-------+-------+-------+ 5002 // | zone1 | zone2 | zone3 | 5003 // +-------+-------+-------+ 5004 // | P | P | | 5005 // +-------+-------+-------+ 5006 // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; 5007 // scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) 5008 // violate MaxSkew(1). 5009 // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. 5010 // It's a required field. Default value is 1 and 0 is not allowed. 5011 optional int32 maxSkew = 1; 5012 5013 // TopologyKey is the key of node labels. Nodes that have a label with this key 5014 // and identical values are considered to be in the same topology. 5015 // We consider each <key, value> as a "bucket", and try to put balanced number 5016 // of pods into each bucket. 5017 // It's a required field. 5018 optional string topologyKey = 2; 5019 5020 // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy 5021 // the spread constraint. 5022 // - DoNotSchedule (default) tells the scheduler not to schedule it 5023 // - ScheduleAnyway tells the scheduler to still schedule it 5024 // It's considered as "Unsatisfiable" if and only if placing incoming pod on any 5025 // topology violates "MaxSkew". 5026 // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same 5027 // labelSelector spread as 3/1/1: 5028 // +-------+-------+-------+ 5029 // | zone1 | zone2 | zone3 | 5030 // +-------+-------+-------+ 5031 // | P P P | P | P | 5032 // +-------+-------+-------+ 5033 // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled 5034 // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies 5035 // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler 5036 // won't make it *more* imbalanced. 5037 // It's a required field. 5038 optional string whenUnsatisfiable = 3; 5039 5040 // LabelSelector is used to find matching pods. 5041 // Pods that match this label selector are counted to determine the number of pods 5042 // in their corresponding topology domain. 5043 // +optional 5044 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 4; 5045} 5046 5047// TypedLocalObjectReference contains enough information to let you locate the 5048// typed referenced object inside the same namespace. 5049message TypedLocalObjectReference { 5050 // APIGroup is the group for the resource being referenced. 5051 // If APIGroup is not specified, the specified Kind must be in the core API group. 5052 // For any other third-party types, APIGroup is required. 5053 // +optional 5054 optional string apiGroup = 1; 5055 5056 // Kind is the type of resource being referenced 5057 optional string kind = 2; 5058 5059 // Name is the name of resource being referenced 5060 optional string name = 3; 5061} 5062 5063// Volume represents a named volume in a pod that may be accessed by any container in the pod. 5064message Volume { 5065 // Volume's name. 5066 // Must be a DNS_LABEL and unique within the pod. 5067 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5068 optional string name = 1; 5069 5070 // VolumeSource represents the location and type of the mounted volume. 5071 // If not specified, the Volume is implied to be an EmptyDir. 5072 // This implied behavior is deprecated and will be removed in a future version. 5073 optional VolumeSource volumeSource = 2; 5074} 5075 5076// volumeDevice describes a mapping of a raw block device within a container. 5077message VolumeDevice { 5078 // name must match the name of a persistentVolumeClaim in the pod 5079 optional string name = 1; 5080 5081 // devicePath is the path inside of the container that the device will be mapped to. 5082 optional string devicePath = 2; 5083} 5084 5085// VolumeMount describes a mounting of a Volume within a container. 5086message VolumeMount { 5087 // This must match the Name of a Volume. 5088 optional string name = 1; 5089 5090 // Mounted read-only if true, read-write otherwise (false or unspecified). 5091 // Defaults to false. 5092 // +optional 5093 optional bool readOnly = 2; 5094 5095 // Path within the container at which the volume should be mounted. Must 5096 // not contain ':'. 5097 optional string mountPath = 3; 5098 5099 // Path within the volume from which the container's volume should be mounted. 5100 // Defaults to "" (volume's root). 5101 // +optional 5102 optional string subPath = 4; 5103 5104 // mountPropagation determines how mounts are propagated from the host 5105 // to container and the other way around. 5106 // When not set, MountPropagationNone is used. 5107 // This field is beta in 1.10. 5108 // +optional 5109 optional string mountPropagation = 5; 5110 5111 // Expanded path within the volume from which the container's volume should be mounted. 5112 // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 5113 // Defaults to "" (volume's root). 5114 // SubPathExpr and SubPath are mutually exclusive. 5115 // +optional 5116 optional string subPathExpr = 6; 5117} 5118 5119// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. 5120message VolumeNodeAffinity { 5121 // Required specifies hard node constraints that must be met. 5122 optional NodeSelector required = 1; 5123} 5124 5125// Projection that may be projected along with other supported volume types 5126message VolumeProjection { 5127 // information about the secret data to project 5128 // +optional 5129 optional SecretProjection secret = 1; 5130 5131 // information about the downwardAPI data to project 5132 // +optional 5133 optional DownwardAPIProjection downwardAPI = 2; 5134 5135 // information about the configMap data to project 5136 // +optional 5137 optional ConfigMapProjection configMap = 3; 5138 5139 // information about the serviceAccountToken data to project 5140 // +optional 5141 optional ServiceAccountTokenProjection serviceAccountToken = 4; 5142} 5143 5144// Represents the source of a volume to mount. 5145// Only one of its members may be specified. 5146message VolumeSource { 5147 // HostPath represents a pre-existing file or directory on the host 5148 // machine that is directly exposed to the container. This is generally 5149 // used for system agents or other privileged things that are allowed 5150 // to see the host machine. Most containers will NOT need this. 5151 // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 5152 // --- 5153 // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not 5154 // mount host directories as read/write. 5155 // +optional 5156 optional HostPathVolumeSource hostPath = 1; 5157 5158 // EmptyDir represents a temporary directory that shares a pod's lifetime. 5159 // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 5160 // +optional 5161 optional EmptyDirVolumeSource emptyDir = 2; 5162 5163 // GCEPersistentDisk represents a GCE Disk resource that is attached to a 5164 // kubelet's host machine and then exposed to the pod. 5165 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 5166 // +optional 5167 optional GCEPersistentDiskVolumeSource gcePersistentDisk = 3; 5168 5169 // AWSElasticBlockStore represents an AWS Disk resource that is attached to a 5170 // kubelet's host machine and then exposed to the pod. 5171 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 5172 // +optional 5173 optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 4; 5174 5175 // GitRepo represents a git repository at a particular revision. 5176 // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an 5177 // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir 5178 // into the Pod's container. 5179 // +optional 5180 optional GitRepoVolumeSource gitRepo = 5; 5181 5182 // Secret represents a secret that should populate this volume. 5183 // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 5184 // +optional 5185 optional SecretVolumeSource secret = 6; 5186 5187 // NFS represents an NFS mount on the host that shares a pod's lifetime 5188 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 5189 // +optional 5190 optional NFSVolumeSource nfs = 7; 5191 5192 // ISCSI represents an ISCSI Disk resource that is attached to a 5193 // kubelet's host machine and then exposed to the pod. 5194 // More info: https://examples.k8s.io/volumes/iscsi/README.md 5195 // +optional 5196 optional ISCSIVolumeSource iscsi = 8; 5197 5198 // Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. 5199 // More info: https://examples.k8s.io/volumes/glusterfs/README.md 5200 // +optional 5201 optional GlusterfsVolumeSource glusterfs = 9; 5202 5203 // PersistentVolumeClaimVolumeSource represents a reference to a 5204 // PersistentVolumeClaim in the same namespace. 5205 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 5206 // +optional 5207 optional PersistentVolumeClaimVolumeSource persistentVolumeClaim = 10; 5208 5209 // RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. 5210 // More info: https://examples.k8s.io/volumes/rbd/README.md 5211 // +optional 5212 optional RBDVolumeSource rbd = 11; 5213 5214 // FlexVolume represents a generic volume resource that is 5215 // provisioned/attached using an exec based plugin. 5216 // +optional 5217 optional FlexVolumeSource flexVolume = 12; 5218 5219 // Cinder represents a cinder volume attached and mounted on kubelets host machine. 5220 // More info: https://examples.k8s.io/mysql-cinder-pd/README.md 5221 // +optional 5222 optional CinderVolumeSource cinder = 13; 5223 5224 // CephFS represents a Ceph FS mount on the host that shares a pod's lifetime 5225 // +optional 5226 optional CephFSVolumeSource cephfs = 14; 5227 5228 // Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running 5229 // +optional 5230 optional FlockerVolumeSource flocker = 15; 5231 5232 // DownwardAPI represents downward API about the pod that should populate this volume 5233 // +optional 5234 optional DownwardAPIVolumeSource downwardAPI = 16; 5235 5236 // FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 5237 // +optional 5238 optional FCVolumeSource fc = 17; 5239 5240 // AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 5241 // +optional 5242 optional AzureFileVolumeSource azureFile = 18; 5243 5244 // ConfigMap represents a configMap that should populate this volume 5245 // +optional 5246 optional ConfigMapVolumeSource configMap = 19; 5247 5248 // VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 5249 // +optional 5250 optional VsphereVirtualDiskVolumeSource vsphereVolume = 20; 5251 5252 // Quobyte represents a Quobyte mount on the host that shares a pod's lifetime 5253 // +optional 5254 optional QuobyteVolumeSource quobyte = 21; 5255 5256 // AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 5257 // +optional 5258 optional AzureDiskVolumeSource azureDisk = 22; 5259 5260 // PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine 5261 optional PhotonPersistentDiskVolumeSource photonPersistentDisk = 23; 5262 5263 // Items for all in one resources secrets, configmaps, and downward API 5264 optional ProjectedVolumeSource projected = 26; 5265 5266 // PortworxVolume represents a portworx volume attached and mounted on kubelets host machine 5267 // +optional 5268 optional PortworxVolumeSource portworxVolume = 24; 5269 5270 // ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 5271 // +optional 5272 optional ScaleIOVolumeSource scaleIO = 25; 5273 5274 // StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. 5275 // +optional 5276 optional StorageOSVolumeSource storageos = 27; 5277 5278 // CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). 5279 // +optional 5280 optional CSIVolumeSource csi = 28; 5281} 5282 5283// Represents a vSphere volume resource. 5284message VsphereVirtualDiskVolumeSource { 5285 // Path that identifies vSphere volume vmdk 5286 optional string volumePath = 1; 5287 5288 // Filesystem type to mount. 5289 // Must be a filesystem type supported by the host operating system. 5290 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 5291 // +optional 5292 optional string fsType = 2; 5293 5294 // Storage Policy Based Management (SPBM) profile name. 5295 // +optional 5296 optional string storagePolicyName = 3; 5297 5298 // Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 5299 // +optional 5300 optional string storagePolicyID = 4; 5301} 5302 5303// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 5304message WeightedPodAffinityTerm { 5305 // weight associated with matching the corresponding podAffinityTerm, 5306 // in the range 1-100. 5307 optional int32 weight = 1; 5308 5309 // Required. A pod affinity term, associated with the corresponding weight. 5310 optional PodAffinityTerm podAffinityTerm = 2; 5311} 5312 5313// WindowsSecurityContextOptions contain Windows-specific options and credentials. 5314message WindowsSecurityContextOptions { 5315 // GMSACredentialSpecName is the name of the GMSA credential spec to use. 5316 // +optional 5317 optional string gmsaCredentialSpecName = 1; 5318 5319 // GMSACredentialSpec is where the GMSA admission webhook 5320 // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 5321 // GMSA credential spec named by the GMSACredentialSpecName field. 5322 // +optional 5323 optional string gmsaCredentialSpec = 2; 5324 5325 // The UserName in Windows to run the entrypoint of the container process. 5326 // Defaults to the user specified in image metadata if unspecified. 5327 // May also be set in PodSecurityContext. If set in both SecurityContext and 5328 // PodSecurityContext, the value specified in SecurityContext takes precedence. 5329 // +optional 5330 optional string runAsUserName = 3; 5331} 5332 5333