1/* 2Copyright The Kubernetes Authors. 3 4Licensed under the Apache License, Version 2.0 (the "License"); 5you may not use this file except in compliance with the License. 6You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10Unless required by applicable law or agreed to in writing, software 11distributed under the License is distributed on an "AS IS" BASIS, 12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13See the License for the specific language governing permissions and 14limitations under the License. 15*/ 16 17 18// This file was autogenerated by go-to-protobuf. Do not edit it manually! 19 20syntax = 'proto2'; 21 22package k8s.io.api.core.v1; 23 24import "k8s.io/apimachinery/pkg/api/resource/generated.proto"; 25import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; 26import "k8s.io/apimachinery/pkg/runtime/generated.proto"; 27import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; 28import "k8s.io/apimachinery/pkg/util/intstr/generated.proto"; 29 30// Package-wide variables from generator "generated". 31option go_package = "v1"; 32 33// Represents a Persistent Disk resource in AWS. 34// 35// An AWS EBS disk must exist before mounting to a container. The disk 36// must also be in the same AWS zone as the kubelet. An AWS EBS disk 37// can only be mounted as read/write once. AWS EBS volumes support 38// ownership management and SELinux relabeling. 39message AWSElasticBlockStoreVolumeSource { 40 // Unique ID of the persistent disk resource in AWS (Amazon EBS volume). 41 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 42 optional string volumeID = 1; 43 44 // Filesystem type of the volume that you want to mount. 45 // Tip: Ensure that the filesystem type is supported by the host operating system. 46 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 47 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 48 // TODO: how do we prevent errors in the filesystem from compromising the machine 49 // +optional 50 optional string fsType = 2; 51 52 // The partition in the volume that you want to mount. 53 // If omitted, the default is to mount by volume name. 54 // Examples: For volume /dev/sda1, you specify the partition as "1". 55 // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 56 // +optional 57 optional int32 partition = 3; 58 59 // Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". 60 // If omitted, the default is "false". 61 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 62 // +optional 63 optional bool readOnly = 4; 64} 65 66// Affinity is a group of affinity scheduling rules. 67message Affinity { 68 // Describes node affinity scheduling rules for the pod. 69 // +optional 70 optional NodeAffinity nodeAffinity = 1; 71 72 // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 73 // +optional 74 optional PodAffinity podAffinity = 2; 75 76 // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 77 // +optional 78 optional PodAntiAffinity podAntiAffinity = 3; 79} 80 81// AttachedVolume describes a volume attached to a node 82message AttachedVolume { 83 // Name of the attached volume 84 optional string name = 1; 85 86 // DevicePath represents the device path where the volume should be available 87 optional string devicePath = 2; 88} 89 90// AvoidPods describes pods that should avoid this node. This is the value for a 91// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and 92// will eventually become a field of NodeStatus. 93message AvoidPods { 94 // Bounded-sized list of signatures of pods that should avoid this node, sorted 95 // in timestamp order from oldest to newest. Size of the slice is unspecified. 96 // +optional 97 repeated PreferAvoidPodsEntry preferAvoidPods = 1; 98} 99 100// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 101message AzureDiskVolumeSource { 102 // The Name of the data disk in the blob storage 103 optional string diskName = 1; 104 105 // The URI the data disk in the blob storage 106 optional string diskURI = 2; 107 108 // Host Caching mode: None, Read Only, Read Write. 109 // +optional 110 optional string cachingMode = 3; 111 112 // Filesystem type to mount. 113 // Must be a filesystem type supported by the host operating system. 114 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 115 // +optional 116 optional string fsType = 4; 117 118 // Defaults to false (read/write). ReadOnly here will force 119 // the ReadOnly setting in VolumeMounts. 120 // +optional 121 optional bool readOnly = 5; 122 123 // Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared 124 optional string kind = 6; 125} 126 127// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 128message AzureFilePersistentVolumeSource { 129 // the name of secret that contains Azure Storage Account Name and Key 130 optional string secretName = 1; 131 132 // Share Name 133 optional string shareName = 2; 134 135 // Defaults to false (read/write). ReadOnly here will force 136 // the ReadOnly setting in VolumeMounts. 137 // +optional 138 optional bool readOnly = 3; 139 140 // the namespace of the secret that contains Azure Storage Account Name and Key 141 // default is the same as the Pod 142 // +optional 143 optional string secretNamespace = 4; 144} 145 146// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 147message AzureFileVolumeSource { 148 // the name of secret that contains Azure Storage Account Name and Key 149 optional string secretName = 1; 150 151 // Share Name 152 optional string shareName = 2; 153 154 // Defaults to false (read/write). ReadOnly here will force 155 // the ReadOnly setting in VolumeMounts. 156 // +optional 157 optional bool readOnly = 3; 158} 159 160// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. 161// Deprecated in 1.7, please use the bindings subresource of pods instead. 162message Binding { 163 // Standard object's metadata. 164 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 165 // +optional 166 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 167 168 // The target object that you want to bind to the standard object. 169 optional ObjectReference target = 2; 170} 171 172// Represents storage that is managed by an external CSI volume driver (Beta feature) 173message CSIPersistentVolumeSource { 174 // Driver is the name of the driver to use for this volume. 175 // Required. 176 optional string driver = 1; 177 178 // VolumeHandle is the unique volume name returned by the CSI volume 179 // plugin’s CreateVolume to refer to the volume on all subsequent calls. 180 // Required. 181 optional string volumeHandle = 2; 182 183 // Optional: The value to pass to ControllerPublishVolumeRequest. 184 // Defaults to false (read/write). 185 // +optional 186 optional bool readOnly = 3; 187 188 // Filesystem type to mount. 189 // Must be a filesystem type supported by the host operating system. 190 // Ex. "ext4", "xfs", "ntfs". 191 // +optional 192 optional string fsType = 4; 193 194 // Attributes of the volume to publish. 195 // +optional 196 map<string, string> volumeAttributes = 5; 197 198 // ControllerPublishSecretRef is a reference to the secret object containing 199 // sensitive information to pass to the CSI driver to complete the CSI 200 // ControllerPublishVolume and ControllerUnpublishVolume calls. 201 // This field is optional, and may be empty if no secret is required. If the 202 // secret object contains more than one secret, all secrets are passed. 203 // +optional 204 optional SecretReference controllerPublishSecretRef = 6; 205 206 // NodeStageSecretRef is a reference to the secret object containing sensitive 207 // information to pass to the CSI driver to complete the CSI NodeStageVolume 208 // and NodeStageVolume and NodeUnstageVolume calls. 209 // This field is optional, and may be empty if no secret is required. If the 210 // secret object contains more than one secret, all secrets are passed. 211 // +optional 212 optional SecretReference nodeStageSecretRef = 7; 213 214 // NodePublishSecretRef is a reference to the secret object containing 215 // sensitive information to pass to the CSI driver to complete the CSI 216 // NodePublishVolume and NodeUnpublishVolume calls. 217 // This field is optional, and may be empty if no secret is required. If the 218 // secret object contains more than one secret, all secrets are passed. 219 // +optional 220 optional SecretReference nodePublishSecretRef = 8; 221} 222 223// Adds and removes POSIX capabilities from running containers. 224message Capabilities { 225 // Added capabilities 226 // +optional 227 repeated string add = 1; 228 229 // Removed capabilities 230 // +optional 231 repeated string drop = 2; 232} 233 234// Represents a Ceph Filesystem mount that lasts the lifetime of a pod 235// Cephfs volumes do not support ownership management or SELinux relabeling. 236message CephFSPersistentVolumeSource { 237 // Required: Monitors is a collection of Ceph monitors 238 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 239 repeated string monitors = 1; 240 241 // Optional: Used as the mounted root, rather than the full Ceph tree, default is / 242 // +optional 243 optional string path = 2; 244 245 // Optional: User is the rados user name, default is admin 246 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 247 // +optional 248 optional string user = 3; 249 250 // Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret 251 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 252 // +optional 253 optional string secretFile = 4; 254 255 // Optional: SecretRef is reference to the authentication secret for User, default is empty. 256 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 257 // +optional 258 optional SecretReference secretRef = 5; 259 260 // Optional: Defaults to false (read/write). ReadOnly here will force 261 // the ReadOnly setting in VolumeMounts. 262 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 263 // +optional 264 optional bool readOnly = 6; 265} 266 267// Represents a Ceph Filesystem mount that lasts the lifetime of a pod 268// Cephfs volumes do not support ownership management or SELinux relabeling. 269message CephFSVolumeSource { 270 // Required: Monitors is a collection of Ceph monitors 271 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 272 repeated string monitors = 1; 273 274 // Optional: Used as the mounted root, rather than the full Ceph tree, default is / 275 // +optional 276 optional string path = 2; 277 278 // Optional: User is the rados user name, default is admin 279 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 280 // +optional 281 optional string user = 3; 282 283 // Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret 284 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 285 // +optional 286 optional string secretFile = 4; 287 288 // Optional: SecretRef is reference to the authentication secret for User, default is empty. 289 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 290 // +optional 291 optional LocalObjectReference secretRef = 5; 292 293 // Optional: Defaults to false (read/write). ReadOnly here will force 294 // the ReadOnly setting in VolumeMounts. 295 // More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it 296 // +optional 297 optional bool readOnly = 6; 298} 299 300// Represents a cinder volume resource in Openstack. 301// A Cinder volume must exist before mounting to a container. 302// The volume must also be in the same region as the kubelet. 303// Cinder volumes support ownership management and SELinux relabeling. 304message CinderPersistentVolumeSource { 305 // volume id used to identify the volume in cinder 306 // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md 307 optional string volumeID = 1; 308 309 // Filesystem type to mount. 310 // Must be a filesystem type supported by the host operating system. 311 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 312 // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md 313 // +optional 314 optional string fsType = 2; 315 316 // Optional: Defaults to false (read/write). ReadOnly here will force 317 // the ReadOnly setting in VolumeMounts. 318 // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md 319 // +optional 320 optional bool readOnly = 3; 321 322 // Optional: points to a secret object containing parameters used to connect 323 // to OpenStack. 324 // +optional 325 optional SecretReference secretRef = 4; 326} 327 328// Represents a cinder volume resource in Openstack. 329// A Cinder volume must exist before mounting to a container. 330// The volume must also be in the same region as the kubelet. 331// Cinder volumes support ownership management and SELinux relabeling. 332message CinderVolumeSource { 333 // volume id used to identify the volume in cinder 334 // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md 335 optional string volumeID = 1; 336 337 // Filesystem type to mount. 338 // Must be a filesystem type supported by the host operating system. 339 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 340 // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md 341 // +optional 342 optional string fsType = 2; 343 344 // Optional: Defaults to false (read/write). ReadOnly here will force 345 // the ReadOnly setting in VolumeMounts. 346 // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md 347 // +optional 348 optional bool readOnly = 3; 349 350 // Optional: points to a secret object containing parameters used to connect 351 // to OpenStack. 352 // +optional 353 optional LocalObjectReference secretRef = 4; 354} 355 356// ClientIPConfig represents the configurations of Client IP based session affinity. 357message ClientIPConfig { 358 // timeoutSeconds specifies the seconds of ClientIP type session sticky time. 359 // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". 360 // Default value is 10800(for 3 hours). 361 // +optional 362 optional int32 timeoutSeconds = 1; 363} 364 365// Information about the condition of a component. 366message ComponentCondition { 367 // Type of condition for a component. 368 // Valid value: "Healthy" 369 optional string type = 1; 370 371 // Status of the condition for a component. 372 // Valid values for "Healthy": "True", "False", or "Unknown". 373 optional string status = 2; 374 375 // Message about the condition for a component. 376 // For example, information about a health check. 377 // +optional 378 optional string message = 3; 379 380 // Condition error code for a component. 381 // For example, a health check error code. 382 // +optional 383 optional string error = 4; 384} 385 386// ComponentStatus (and ComponentStatusList) holds the cluster validation info. 387message ComponentStatus { 388 // Standard object's metadata. 389 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 390 // +optional 391 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 392 393 // List of component conditions observed 394 // +optional 395 // +patchMergeKey=type 396 // +patchStrategy=merge 397 repeated ComponentCondition conditions = 2; 398} 399 400// Status of all the conditions for the component as a list of ComponentStatus objects. 401message ComponentStatusList { 402 // Standard list metadata. 403 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 404 // +optional 405 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 406 407 // List of ComponentStatus objects. 408 repeated ComponentStatus items = 2; 409} 410 411// ConfigMap holds configuration data for pods to consume. 412message ConfigMap { 413 // Standard object's metadata. 414 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 415 // +optional 416 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 417 418 // Data contains the configuration data. 419 // Each key must consist of alphanumeric characters, '-', '_' or '.'. 420 // Values with non-UTF-8 byte sequences must use the BinaryData field. 421 // The keys stored in Data must not overlap with the keys in 422 // the BinaryData field, this is enforced during validation process. 423 // +optional 424 map<string, string> data = 2; 425 426 // BinaryData contains the binary data. 427 // Each key must consist of alphanumeric characters, '-', '_' or '.'. 428 // BinaryData can contain byte sequences that are not in the UTF-8 range. 429 // The keys stored in BinaryData must not overlap with the ones in 430 // the Data field, this is enforced during validation process. 431 // Using this field will require 1.10+ apiserver and 432 // kubelet. 433 // +optional 434 map<string, bytes> binaryData = 3; 435} 436 437// ConfigMapEnvSource selects a ConfigMap to populate the environment 438// variables with. 439// 440// The contents of the target ConfigMap's Data field will represent the 441// key-value pairs as environment variables. 442message ConfigMapEnvSource { 443 // The ConfigMap to select from. 444 optional LocalObjectReference localObjectReference = 1; 445 446 // Specify whether the ConfigMap must be defined 447 // +optional 448 optional bool optional = 2; 449} 450 451// Selects a key from a ConfigMap. 452message ConfigMapKeySelector { 453 // The ConfigMap to select from. 454 optional LocalObjectReference localObjectReference = 1; 455 456 // The key to select. 457 optional string key = 2; 458 459 // Specify whether the ConfigMap or it's key must be defined 460 // +optional 461 optional bool optional = 3; 462} 463 464// ConfigMapList is a resource containing a list of ConfigMap objects. 465message ConfigMapList { 466 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 467 // +optional 468 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 469 470 // Items is the list of ConfigMaps. 471 repeated ConfigMap items = 2; 472} 473 474// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. 475message ConfigMapNodeConfigSource { 476 // Namespace is the metadata.namespace of the referenced ConfigMap. 477 // This field is required in all cases. 478 optional string namespace = 1; 479 480 // Name is the metadata.name of the referenced ConfigMap. 481 // This field is required in all cases. 482 optional string name = 2; 483 484 // UID is the metadata.UID of the referenced ConfigMap. 485 // This field is forbidden in Node.Spec, and required in Node.Status. 486 // +optional 487 optional string uid = 3; 488 489 // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. 490 // This field is forbidden in Node.Spec, and required in Node.Status. 491 // +optional 492 optional string resourceVersion = 4; 493 494 // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure 495 // This field is required in all cases. 496 optional string kubeletConfigKey = 5; 497} 498 499// Adapts a ConfigMap into a projected volume. 500// 501// The contents of the target ConfigMap's Data field will be presented in a 502// projected volume as files using the keys in the Data field as the file names, 503// unless the items element is populated with specific mappings of keys to paths. 504// Note that this is identical to a configmap volume source without the default 505// mode. 506message ConfigMapProjection { 507 optional LocalObjectReference localObjectReference = 1; 508 509 // If unspecified, each key-value pair in the Data field of the referenced 510 // ConfigMap will be projected into the volume as a file whose name is the 511 // key and content is the value. If specified, the listed keys will be 512 // projected into the specified paths, and unlisted keys will not be 513 // present. If a key is specified which is not present in the ConfigMap, 514 // the volume setup will error unless it is marked optional. Paths must be 515 // relative and may not contain the '..' path or start with '..'. 516 // +optional 517 repeated KeyToPath items = 2; 518 519 // Specify whether the ConfigMap or it's keys must be defined 520 // +optional 521 optional bool optional = 4; 522} 523 524// Adapts a ConfigMap into a volume. 525// 526// The contents of the target ConfigMap's Data field will be presented in a 527// volume as files using the keys in the Data field as the file names, unless 528// the items element is populated with specific mappings of keys to paths. 529// ConfigMap volumes support ownership management and SELinux relabeling. 530message ConfigMapVolumeSource { 531 optional LocalObjectReference localObjectReference = 1; 532 533 // If unspecified, each key-value pair in the Data field of the referenced 534 // ConfigMap will be projected into the volume as a file whose name is the 535 // key and content is the value. If specified, the listed keys will be 536 // projected into the specified paths, and unlisted keys will not be 537 // present. If a key is specified which is not present in the ConfigMap, 538 // the volume setup will error unless it is marked optional. Paths must be 539 // relative and may not contain the '..' path or start with '..'. 540 // +optional 541 repeated KeyToPath items = 2; 542 543 // Optional: mode bits to use on created files by default. Must be a 544 // value between 0 and 0777. Defaults to 0644. 545 // Directories within the path are not affected by this setting. 546 // This might be in conflict with other options that affect the file 547 // mode, like fsGroup, and the result can be other mode bits set. 548 // +optional 549 optional int32 defaultMode = 3; 550 551 // Specify whether the ConfigMap or it's keys must be defined 552 // +optional 553 optional bool optional = 4; 554} 555 556// A single application container that you want to run within a pod. 557message Container { 558 // Name of the container specified as a DNS_LABEL. 559 // Each container in a pod must have a unique name (DNS_LABEL). 560 // Cannot be updated. 561 optional string name = 1; 562 563 // Docker image name. 564 // More info: https://kubernetes.io/docs/concepts/containers/images 565 // This field is optional to allow higher level config management to default or override 566 // container images in workload controllers like Deployments and StatefulSets. 567 // +optional 568 optional string image = 2; 569 570 // Entrypoint array. Not executed within a shell. 571 // The docker image's ENTRYPOINT is used if this is not provided. 572 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 573 // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax 574 // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, 575 // regardless of whether the variable exists or not. 576 // Cannot be updated. 577 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 578 // +optional 579 repeated string command = 3; 580 581 // Arguments to the entrypoint. 582 // The docker image's CMD is used if this is not provided. 583 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 584 // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax 585 // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, 586 // regardless of whether the variable exists or not. 587 // Cannot be updated. 588 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 589 // +optional 590 repeated string args = 4; 591 592 // Container's working directory. 593 // If not specified, the container runtime's default will be used, which 594 // might be configured in the container image. 595 // Cannot be updated. 596 // +optional 597 optional string workingDir = 5; 598 599 // List of ports to expose from the container. Exposing a port here gives 600 // the system additional information about the network connections a 601 // container uses, but is primarily informational. Not specifying a port here 602 // DOES NOT prevent that port from being exposed. Any port which is 603 // listening on the default "0.0.0.0" address inside a container will be 604 // accessible from the network. 605 // Cannot be updated. 606 // +optional 607 // +patchMergeKey=containerPort 608 // +patchStrategy=merge 609 repeated ContainerPort ports = 6; 610 611 // List of sources to populate environment variables in the container. 612 // The keys defined within a source must be a C_IDENTIFIER. All invalid keys 613 // will be reported as an event when the container is starting. When a key exists in multiple 614 // sources, the value associated with the last source will take precedence. 615 // Values defined by an Env with a duplicate key will take precedence. 616 // Cannot be updated. 617 // +optional 618 repeated EnvFromSource envFrom = 19; 619 620 // List of environment variables to set in the container. 621 // Cannot be updated. 622 // +optional 623 // +patchMergeKey=name 624 // +patchStrategy=merge 625 repeated EnvVar env = 7; 626 627 // Compute Resources required by this container. 628 // Cannot be updated. 629 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 630 // +optional 631 optional ResourceRequirements resources = 8; 632 633 // Pod volumes to mount into the container's filesystem. 634 // Cannot be updated. 635 // +optional 636 // +patchMergeKey=mountPath 637 // +patchStrategy=merge 638 repeated VolumeMount volumeMounts = 9; 639 640 // volumeDevices is the list of block devices to be used by the container. 641 // This is an alpha feature and may change in the future. 642 // +patchMergeKey=devicePath 643 // +patchStrategy=merge 644 // +optional 645 repeated VolumeDevice volumeDevices = 21; 646 647 // Periodic probe of container liveness. 648 // Container will be restarted if the probe fails. 649 // Cannot be updated. 650 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 651 // +optional 652 optional Probe livenessProbe = 10; 653 654 // Periodic probe of container service readiness. 655 // Container will be removed from service endpoints if the probe fails. 656 // Cannot be updated. 657 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 658 // +optional 659 optional Probe readinessProbe = 11; 660 661 // Actions that the management system should take in response to container lifecycle events. 662 // Cannot be updated. 663 // +optional 664 optional Lifecycle lifecycle = 12; 665 666 // Optional: Path at which the file to which the container's termination message 667 // will be written is mounted into the container's filesystem. 668 // Message written is intended to be brief final status, such as an assertion failure message. 669 // Will be truncated by the node if greater than 4096 bytes. The total message length across 670 // all containers will be limited to 12kb. 671 // Defaults to /dev/termination-log. 672 // Cannot be updated. 673 // +optional 674 optional string terminationMessagePath = 13; 675 676 // Indicate how the termination message should be populated. File will use the contents of 677 // terminationMessagePath to populate the container status message on both success and failure. 678 // FallbackToLogsOnError will use the last chunk of container log output if the termination 679 // message file is empty and the container exited with an error. 680 // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 681 // Defaults to File. 682 // Cannot be updated. 683 // +optional 684 optional string terminationMessagePolicy = 20; 685 686 // Image pull policy. 687 // One of Always, Never, IfNotPresent. 688 // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 689 // Cannot be updated. 690 // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 691 // +optional 692 optional string imagePullPolicy = 14; 693 694 // Security options the pod should run with. 695 // More info: https://kubernetes.io/docs/concepts/policy/security-context/ 696 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 697 // +optional 698 optional SecurityContext securityContext = 15; 699 700 // Whether this container should allocate a buffer for stdin in the container runtime. If this 701 // is not set, reads from stdin in the container will always result in EOF. 702 // Default is false. 703 // +optional 704 optional bool stdin = 16; 705 706 // Whether the container runtime should close the stdin channel after it has been opened by 707 // a single attach. When stdin is true the stdin stream will remain open across multiple attach 708 // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 709 // first client attaches to stdin, and then remains open and accepts data until the client disconnects, 710 // at which time stdin is closed and remains closed until the container is restarted. If this 711 // flag is false, a container processes that reads from stdin will never receive an EOF. 712 // Default is false 713 // +optional 714 optional bool stdinOnce = 17; 715 716 // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 717 // Default is false. 718 // +optional 719 optional bool tty = 18; 720} 721 722// Describe a container image 723message ContainerImage { 724 // Names by which this image is known. 725 // e.g. ["k8s.gcr.io/hyperkube:v1.0.7", "dockerhub.io/google_containers/hyperkube:v1.0.7"] 726 repeated string names = 1; 727 728 // The size of the image in bytes. 729 // +optional 730 optional int64 sizeBytes = 2; 731} 732 733// ContainerPort represents a network port in a single container. 734message ContainerPort { 735 // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 736 // named port in a pod must have a unique name. Name for the port that can be 737 // referred to by services. 738 // +optional 739 optional string name = 1; 740 741 // Number of port to expose on the host. 742 // If specified, this must be a valid port number, 0 < x < 65536. 743 // If HostNetwork is specified, this must match ContainerPort. 744 // Most containers do not need this. 745 // +optional 746 optional int32 hostPort = 2; 747 748 // Number of port to expose on the pod's IP address. 749 // This must be a valid port number, 0 < x < 65536. 750 optional int32 containerPort = 3; 751 752 // Protocol for port. Must be UDP or TCP. 753 // Defaults to "TCP". 754 // +optional 755 optional string protocol = 4; 756 757 // What host IP to bind the external port to. 758 // +optional 759 optional string hostIP = 5; 760} 761 762// ContainerState holds a possible state of container. 763// Only one of its members may be specified. 764// If none of them is specified, the default one is ContainerStateWaiting. 765message ContainerState { 766 // Details about a waiting container 767 // +optional 768 optional ContainerStateWaiting waiting = 1; 769 770 // Details about a running container 771 // +optional 772 optional ContainerStateRunning running = 2; 773 774 // Details about a terminated container 775 // +optional 776 optional ContainerStateTerminated terminated = 3; 777} 778 779// ContainerStateRunning is a running state of a container. 780message ContainerStateRunning { 781 // Time at which the container was last (re-)started 782 // +optional 783 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 1; 784} 785 786// ContainerStateTerminated is a terminated state of a container. 787message ContainerStateTerminated { 788 // Exit status from the last termination of the container 789 optional int32 exitCode = 1; 790 791 // Signal from the last termination of the container 792 // +optional 793 optional int32 signal = 2; 794 795 // (brief) reason from the last termination of the container 796 // +optional 797 optional string reason = 3; 798 799 // Message regarding the last termination of the container 800 // +optional 801 optional string message = 4; 802 803 // Time at which previous execution of the container started 804 // +optional 805 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 5; 806 807 // Time at which the container last terminated 808 // +optional 809 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 6; 810 811 // Container's ID in the format 'docker://<container_id>' 812 // +optional 813 optional string containerID = 7; 814} 815 816// ContainerStateWaiting is a waiting state of a container. 817message ContainerStateWaiting { 818 // (brief) reason the container is not yet running. 819 // +optional 820 optional string reason = 1; 821 822 // Message regarding why the container is not yet running. 823 // +optional 824 optional string message = 2; 825} 826 827// ContainerStatus contains details for the current status of this container. 828message ContainerStatus { 829 // This must be a DNS_LABEL. Each container in a pod must have a unique name. 830 // Cannot be updated. 831 optional string name = 1; 832 833 // Details about the container's current condition. 834 // +optional 835 optional ContainerState state = 2; 836 837 // Details about the container's last termination condition. 838 // +optional 839 optional ContainerState lastState = 3; 840 841 // Specifies whether the container has passed its readiness probe. 842 optional bool ready = 4; 843 844 // The number of times the container has been restarted, currently based on 845 // the number of dead containers that have not yet been removed. 846 // Note that this is calculated from dead containers. But those containers are subject to 847 // garbage collection. This value will get capped at 5 by GC. 848 optional int32 restartCount = 5; 849 850 // The image the container is running. 851 // More info: https://kubernetes.io/docs/concepts/containers/images 852 // TODO(dchen1107): Which image the container is running with? 853 optional string image = 6; 854 855 // ImageID of the container's image. 856 optional string imageID = 7; 857 858 // Container's ID in the format 'docker://<container_id>'. 859 // +optional 860 optional string containerID = 8; 861} 862 863// DaemonEndpoint contains information about a single Daemon endpoint. 864message DaemonEndpoint { 865 // Port number of the given endpoint. 866 optional int32 Port = 1; 867} 868 869// Represents downward API info for projecting into a projected volume. 870// Note that this is identical to a downwardAPI volume source without the default 871// mode. 872message DownwardAPIProjection { 873 // Items is a list of DownwardAPIVolume file 874 // +optional 875 repeated DownwardAPIVolumeFile items = 1; 876} 877 878// DownwardAPIVolumeFile represents information to create the file containing the pod field 879message DownwardAPIVolumeFile { 880 // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' 881 optional string path = 1; 882 883 // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. 884 // +optional 885 optional ObjectFieldSelector fieldRef = 2; 886 887 // Selects a resource of the container: only resources limits and requests 888 // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 889 // +optional 890 optional ResourceFieldSelector resourceFieldRef = 3; 891 892 // Optional: mode bits to use on this file, must be a value between 0 893 // and 0777. If not specified, the volume defaultMode will be used. 894 // This might be in conflict with other options that affect the file 895 // mode, like fsGroup, and the result can be other mode bits set. 896 // +optional 897 optional int32 mode = 4; 898} 899 900// DownwardAPIVolumeSource represents a volume containing downward API info. 901// Downward API volumes support ownership management and SELinux relabeling. 902message DownwardAPIVolumeSource { 903 // Items is a list of downward API volume file 904 // +optional 905 repeated DownwardAPIVolumeFile items = 1; 906 907 // Optional: mode bits to use on created files by default. Must be a 908 // value between 0 and 0777. Defaults to 0644. 909 // Directories within the path are not affected by this setting. 910 // This might be in conflict with other options that affect the file 911 // mode, like fsGroup, and the result can be other mode bits set. 912 // +optional 913 optional int32 defaultMode = 2; 914} 915 916// Represents an empty directory for a pod. 917// Empty directory volumes support ownership management and SELinux relabeling. 918message EmptyDirVolumeSource { 919 // What type of storage medium should back this directory. 920 // The default is "" which means to use the node's default medium. 921 // Must be an empty string (default) or Memory. 922 // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 923 // +optional 924 optional string medium = 1; 925 926 // Total amount of local storage required for this EmptyDir volume. 927 // The size limit is also applicable for memory medium. 928 // The maximum usage on memory medium EmptyDir would be the minimum value between 929 // the SizeLimit specified here and the sum of memory limits of all containers in a pod. 930 // The default is nil which means that the limit is undefined. 931 // More info: http://kubernetes.io/docs/user-guide/volumes#emptydir 932 // +optional 933 optional k8s.io.apimachinery.pkg.api.resource.Quantity sizeLimit = 2; 934} 935 936// EndpointAddress is a tuple that describes single IP address. 937message EndpointAddress { 938 // The IP of this endpoint. 939 // May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), 940 // or link-local multicast ((224.0.0.0/24). 941 // IPv6 is also accepted but not fully supported on all platforms. Also, certain 942 // kubernetes components, like kube-proxy, are not IPv6 ready. 943 // TODO: This should allow hostname or IP, See #4447. 944 optional string ip = 1; 945 946 // The Hostname of this endpoint 947 // +optional 948 optional string hostname = 3; 949 950 // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. 951 // +optional 952 optional string nodeName = 4; 953 954 // Reference to object providing the endpoint. 955 // +optional 956 optional ObjectReference targetRef = 2; 957} 958 959// EndpointPort is a tuple that describes a single port. 960message EndpointPort { 961 // The name of this port (corresponds to ServicePort.Name). 962 // Must be a DNS_LABEL. 963 // Optional only if one port is defined. 964 // +optional 965 optional string name = 1; 966 967 // The port number of the endpoint. 968 optional int32 port = 2; 969 970 // The IP protocol for this port. 971 // Must be UDP or TCP. 972 // Default is TCP. 973 // +optional 974 optional string protocol = 3; 975} 976 977// EndpointSubset is a group of addresses with a common set of ports. The 978// expanded set of endpoints is the Cartesian product of Addresses x Ports. 979// For example, given: 980// { 981// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], 982// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] 983// } 984// The resulting set of endpoints can be viewed as: 985// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], 986// b: [ 10.10.1.1:309, 10.10.2.2:309 ] 987message EndpointSubset { 988 // IP addresses which offer the related ports that are marked as ready. These endpoints 989 // should be considered safe for load balancers and clients to utilize. 990 // +optional 991 repeated EndpointAddress addresses = 1; 992 993 // IP addresses which offer the related ports but are not currently marked as ready 994 // because they have not yet finished starting, have recently failed a readiness check, 995 // or have recently failed a liveness check. 996 // +optional 997 repeated EndpointAddress notReadyAddresses = 2; 998 999 // Port numbers available on the related IP addresses. 1000 // +optional 1001 repeated EndpointPort ports = 3; 1002} 1003 1004// Endpoints is a collection of endpoints that implement the actual service. Example: 1005// Name: "mysvc", 1006// Subsets: [ 1007// { 1008// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], 1009// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] 1010// }, 1011// { 1012// Addresses: [{"ip": "10.10.3.3"}], 1013// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] 1014// }, 1015// ] 1016message Endpoints { 1017 // Standard object's metadata. 1018 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 1019 // +optional 1020 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1021 1022 // The set of all endpoints is the union of all subsets. Addresses are placed into 1023 // subsets according to the IPs they share. A single address with multiple ports, 1024 // some of which are ready and some of which are not (because they come from 1025 // different containers) will result in the address being displayed in different 1026 // subsets for the different ports. No address will appear in both Addresses and 1027 // NotReadyAddresses in the same subset. 1028 // Sets of addresses and ports that comprise a service. 1029 // +optional 1030 repeated EndpointSubset subsets = 2; 1031} 1032 1033// EndpointsList is a list of endpoints. 1034message EndpointsList { 1035 // Standard list metadata. 1036 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 1037 // +optional 1038 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1039 1040 // List of endpoints. 1041 repeated Endpoints items = 2; 1042} 1043 1044// EnvFromSource represents the source of a set of ConfigMaps 1045message EnvFromSource { 1046 // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 1047 // +optional 1048 optional string prefix = 1; 1049 1050 // The ConfigMap to select from 1051 // +optional 1052 optional ConfigMapEnvSource configMapRef = 2; 1053 1054 // The Secret to select from 1055 // +optional 1056 optional SecretEnvSource secretRef = 3; 1057} 1058 1059// EnvVar represents an environment variable present in a Container. 1060message EnvVar { 1061 // Name of the environment variable. Must be a C_IDENTIFIER. 1062 optional string name = 1; 1063 1064 // Variable references $(VAR_NAME) are expanded 1065 // using the previous defined environment variables in the container and 1066 // any service environment variables. If a variable cannot be resolved, 1067 // the reference in the input string will be unchanged. The $(VAR_NAME) 1068 // syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped 1069 // references will never be expanded, regardless of whether the variable 1070 // exists or not. 1071 // Defaults to "". 1072 // +optional 1073 optional string value = 2; 1074 1075 // Source for the environment variable's value. Cannot be used if value is not empty. 1076 // +optional 1077 optional EnvVarSource valueFrom = 3; 1078} 1079 1080// EnvVarSource represents a source for the value of an EnvVar. 1081message EnvVarSource { 1082 // Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, 1083 // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP. 1084 // +optional 1085 optional ObjectFieldSelector fieldRef = 1; 1086 1087 // Selects a resource of the container: only resources limits and requests 1088 // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 1089 // +optional 1090 optional ResourceFieldSelector resourceFieldRef = 2; 1091 1092 // Selects a key of a ConfigMap. 1093 // +optional 1094 optional ConfigMapKeySelector configMapKeyRef = 3; 1095 1096 // Selects a key of a secret in the pod's namespace 1097 // +optional 1098 optional SecretKeySelector secretKeyRef = 4; 1099} 1100 1101// Event is a report of an event somewhere in the cluster. 1102message Event { 1103 // Standard object's metadata. 1104 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 1105 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1106 1107 // The object that this event is about. 1108 optional ObjectReference involvedObject = 2; 1109 1110 // This should be a short, machine understandable string that gives the reason 1111 // for the transition into the object's current status. 1112 // TODO: provide exact specification for format. 1113 // +optional 1114 optional string reason = 3; 1115 1116 // A human-readable description of the status of this operation. 1117 // TODO: decide on maximum length. 1118 // +optional 1119 optional string message = 4; 1120 1121 // The component reporting this event. Should be a short machine understandable string. 1122 // +optional 1123 optional EventSource source = 5; 1124 1125 // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) 1126 // +optional 1127 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time firstTimestamp = 6; 1128 1129 // The time at which the most recent occurrence of this event was recorded. 1130 // +optional 1131 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTimestamp = 7; 1132 1133 // The number of times this event has occurred. 1134 // +optional 1135 optional int32 count = 8; 1136 1137 // Type of this event (Normal, Warning), new types could be added in the future 1138 // +optional 1139 optional string type = 9; 1140 1141 // Time when this Event was first observed. 1142 // +optional 1143 optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime eventTime = 10; 1144 1145 // Data about the Event series this event represents or nil if it's a singleton Event. 1146 // +optional 1147 optional EventSeries series = 11; 1148 1149 // What action was taken/failed regarding to the Regarding object. 1150 // +optional 1151 optional string action = 12; 1152 1153 // Optional secondary object for more complex actions. 1154 // +optional 1155 optional ObjectReference related = 13; 1156 1157 // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. 1158 // +optional 1159 optional string reportingComponent = 14; 1160 1161 // ID of the controller instance, e.g. `kubelet-xyzf`. 1162 // +optional 1163 optional string reportingInstance = 15; 1164} 1165 1166// EventList is a list of events. 1167message EventList { 1168 // Standard list metadata. 1169 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 1170 // +optional 1171 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1172 1173 // List of events 1174 repeated Event items = 2; 1175} 1176 1177// EventSeries contain information on series of events, i.e. thing that was/is happening 1178// continuously for some time. 1179message EventSeries { 1180 // Number of occurrences in this series up to the last heartbeat time 1181 optional int32 count = 1; 1182 1183 // Time of the last occurrence observed 1184 optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime lastObservedTime = 2; 1185 1186 // State of this Series: Ongoing or Finished 1187 optional string state = 3; 1188} 1189 1190// EventSource contains information for an event. 1191message EventSource { 1192 // Component from which the event is generated. 1193 // +optional 1194 optional string component = 1; 1195 1196 // Node name on which the event is generated. 1197 // +optional 1198 optional string host = 2; 1199} 1200 1201// ExecAction describes a "run in container" action. 1202message ExecAction { 1203 // Command is the command line to execute inside the container, the working directory for the 1204 // command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1205 // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1206 // a shell, you need to explicitly call out to that shell. 1207 // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1208 // +optional 1209 repeated string command = 1; 1210} 1211 1212// Represents a Fibre Channel volume. 1213// Fibre Channel volumes can only be mounted as read/write once. 1214// Fibre Channel volumes support ownership management and SELinux relabeling. 1215message FCVolumeSource { 1216 // Optional: FC target worldwide names (WWNs) 1217 // +optional 1218 repeated string targetWWNs = 1; 1219 1220 // Optional: FC target lun number 1221 // +optional 1222 optional int32 lun = 2; 1223 1224 // Filesystem type to mount. 1225 // Must be a filesystem type supported by the host operating system. 1226 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 1227 // TODO: how do we prevent errors in the filesystem from compromising the machine 1228 // +optional 1229 optional string fsType = 3; 1230 1231 // Optional: Defaults to false (read/write). ReadOnly here will force 1232 // the ReadOnly setting in VolumeMounts. 1233 // +optional 1234 optional bool readOnly = 4; 1235 1236 // Optional: FC volume world wide identifiers (wwids) 1237 // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 1238 // +optional 1239 repeated string wwids = 5; 1240} 1241 1242// FlexPersistentVolumeSource represents a generic persistent volume resource that is 1243// provisioned/attached using an exec based plugin. 1244message FlexPersistentVolumeSource { 1245 // Driver is the name of the driver to use for this volume. 1246 optional string driver = 1; 1247 1248 // Filesystem type to mount. 1249 // Must be a filesystem type supported by the host operating system. 1250 // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 1251 // +optional 1252 optional string fsType = 2; 1253 1254 // Optional: SecretRef is reference to the secret object containing 1255 // sensitive information to pass to the plugin scripts. This may be 1256 // empty if no secret object is specified. If the secret object 1257 // contains more than one secret, all secrets are passed to the plugin 1258 // scripts. 1259 // +optional 1260 optional SecretReference secretRef = 3; 1261 1262 // Optional: Defaults to false (read/write). ReadOnly here will force 1263 // the ReadOnly setting in VolumeMounts. 1264 // +optional 1265 optional bool readOnly = 4; 1266 1267 // Optional: Extra command options if any. 1268 // +optional 1269 map<string, string> options = 5; 1270} 1271 1272// FlexVolume represents a generic volume resource that is 1273// provisioned/attached using an exec based plugin. 1274message FlexVolumeSource { 1275 // Driver is the name of the driver to use for this volume. 1276 optional string driver = 1; 1277 1278 // Filesystem type to mount. 1279 // Must be a filesystem type supported by the host operating system. 1280 // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 1281 // +optional 1282 optional string fsType = 2; 1283 1284 // Optional: SecretRef is reference to the secret object containing 1285 // sensitive information to pass to the plugin scripts. This may be 1286 // empty if no secret object is specified. If the secret object 1287 // contains more than one secret, all secrets are passed to the plugin 1288 // scripts. 1289 // +optional 1290 optional LocalObjectReference secretRef = 3; 1291 1292 // Optional: Defaults to false (read/write). ReadOnly here will force 1293 // the ReadOnly setting in VolumeMounts. 1294 // +optional 1295 optional bool readOnly = 4; 1296 1297 // Optional: Extra command options if any. 1298 // +optional 1299 map<string, string> options = 5; 1300} 1301 1302// Represents a Flocker volume mounted by the Flocker agent. 1303// One and only one of datasetName and datasetUUID should be set. 1304// Flocker volumes do not support ownership management or SELinux relabeling. 1305message FlockerVolumeSource { 1306 // Name of the dataset stored as metadata -> name on the dataset for Flocker 1307 // should be considered as deprecated 1308 // +optional 1309 optional string datasetName = 1; 1310 1311 // UUID of the dataset. This is unique identifier of a Flocker dataset 1312 // +optional 1313 optional string datasetUUID = 2; 1314} 1315 1316// Represents a Persistent Disk resource in Google Compute Engine. 1317// 1318// A GCE PD must exist before mounting to a container. The disk must 1319// also be in the same GCE project and zone as the kubelet. A GCE PD 1320// can only be mounted as read/write once or read-only many times. GCE 1321// PDs support ownership management and SELinux relabeling. 1322message GCEPersistentDiskVolumeSource { 1323 // Unique name of the PD resource in GCE. Used to identify the disk in GCE. 1324 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 1325 optional string pdName = 1; 1326 1327 // Filesystem type of the volume that you want to mount. 1328 // Tip: Ensure that the filesystem type is supported by the host operating system. 1329 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 1330 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 1331 // TODO: how do we prevent errors in the filesystem from compromising the machine 1332 // +optional 1333 optional string fsType = 2; 1334 1335 // The partition in the volume that you want to mount. 1336 // If omitted, the default is to mount by volume name. 1337 // Examples: For volume /dev/sda1, you specify the partition as "1". 1338 // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 1339 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 1340 // +optional 1341 optional int32 partition = 3; 1342 1343 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 1344 // Defaults to false. 1345 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 1346 // +optional 1347 optional bool readOnly = 4; 1348} 1349 1350// Represents a volume that is populated with the contents of a git repository. 1351// Git repo volumes do not support ownership management. 1352// Git repo volumes support SELinux relabeling. 1353// 1354// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an 1355// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir 1356// into the Pod's container. 1357message GitRepoVolumeSource { 1358 // Repository URL 1359 optional string repository = 1; 1360 1361 // Commit hash for the specified revision. 1362 // +optional 1363 optional string revision = 2; 1364 1365 // Target directory name. 1366 // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the 1367 // git repository. Otherwise, if specified, the volume will contain the git repository in 1368 // the subdirectory with the given name. 1369 // +optional 1370 optional string directory = 3; 1371} 1372 1373// Represents a Glusterfs mount that lasts the lifetime of a pod. 1374// Glusterfs volumes do not support ownership management or SELinux relabeling. 1375message GlusterfsVolumeSource { 1376 // EndpointsName is the endpoint name that details Glusterfs topology. 1377 // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod 1378 optional string endpoints = 1; 1379 1380 // Path is the Glusterfs volume path. 1381 // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod 1382 optional string path = 2; 1383 1384 // ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. 1385 // Defaults to false. 1386 // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod 1387 // +optional 1388 optional bool readOnly = 3; 1389} 1390 1391// HTTPGetAction describes an action based on HTTP Get requests. 1392message HTTPGetAction { 1393 // Path to access on the HTTP server. 1394 // +optional 1395 optional string path = 1; 1396 1397 // Name or number of the port to access on the container. 1398 // Number must be in the range 1 to 65535. 1399 // Name must be an IANA_SVC_NAME. 1400 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2; 1401 1402 // Host name to connect to, defaults to the pod IP. You probably want to set 1403 // "Host" in httpHeaders instead. 1404 // +optional 1405 optional string host = 3; 1406 1407 // Scheme to use for connecting to the host. 1408 // Defaults to HTTP. 1409 // +optional 1410 optional string scheme = 4; 1411 1412 // Custom headers to set in the request. HTTP allows repeated headers. 1413 // +optional 1414 repeated HTTPHeader httpHeaders = 5; 1415} 1416 1417// HTTPHeader describes a custom header to be used in HTTP probes 1418message HTTPHeader { 1419 // The header field name 1420 optional string name = 1; 1421 1422 // The header field value 1423 optional string value = 2; 1424} 1425 1426// Handler defines a specific action that should be taken 1427// TODO: pass structured data to these actions, and document that data here. 1428message Handler { 1429 // One and only one of the following should be specified. 1430 // Exec specifies the action to take. 1431 // +optional 1432 optional ExecAction exec = 1; 1433 1434 // HTTPGet specifies the http request to perform. 1435 // +optional 1436 optional HTTPGetAction httpGet = 2; 1437 1438 // TCPSocket specifies an action involving a TCP port. 1439 // TCP hooks not yet supported 1440 // TODO: implement a realistic TCP lifecycle hook 1441 // +optional 1442 optional TCPSocketAction tcpSocket = 3; 1443} 1444 1445// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the 1446// pod's hosts file. 1447message HostAlias { 1448 // IP address of the host file entry. 1449 optional string ip = 1; 1450 1451 // Hostnames for the above IP address. 1452 repeated string hostnames = 2; 1453} 1454 1455// Represents a host path mapped into a pod. 1456// Host path volumes do not support ownership management or SELinux relabeling. 1457message HostPathVolumeSource { 1458 // Path of the directory on the host. 1459 // If the path is a symlink, it will follow the link to the real path. 1460 // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 1461 optional string path = 1; 1462 1463 // Type for HostPath Volume 1464 // Defaults to "" 1465 // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 1466 // +optional 1467 optional string type = 2; 1468} 1469 1470// ISCSIPersistentVolumeSource represents an ISCSI disk. 1471// ISCSI volumes can only be mounted as read/write once. 1472// ISCSI volumes support ownership management and SELinux relabeling. 1473message ISCSIPersistentVolumeSource { 1474 // iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port 1475 // is other than default (typically TCP ports 860 and 3260). 1476 optional string targetPortal = 1; 1477 1478 // Target iSCSI Qualified Name. 1479 optional string iqn = 2; 1480 1481 // iSCSI Target Lun number. 1482 optional int32 lun = 3; 1483 1484 // iSCSI Interface Name that uses an iSCSI transport. 1485 // Defaults to 'default' (tcp). 1486 // +optional 1487 optional string iscsiInterface = 4; 1488 1489 // Filesystem type of the volume that you want to mount. 1490 // Tip: Ensure that the filesystem type is supported by the host operating system. 1491 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 1492 // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 1493 // TODO: how do we prevent errors in the filesystem from compromising the machine 1494 // +optional 1495 optional string fsType = 5; 1496 1497 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 1498 // Defaults to false. 1499 // +optional 1500 optional bool readOnly = 6; 1501 1502 // iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port 1503 // is other than default (typically TCP ports 860 and 3260). 1504 // +optional 1505 repeated string portals = 7; 1506 1507 // whether support iSCSI Discovery CHAP authentication 1508 // +optional 1509 optional bool chapAuthDiscovery = 8; 1510 1511 // whether support iSCSI Session CHAP authentication 1512 // +optional 1513 optional bool chapAuthSession = 11; 1514 1515 // CHAP Secret for iSCSI target and initiator authentication 1516 // +optional 1517 optional SecretReference secretRef = 10; 1518 1519 // Custom iSCSI Initiator Name. 1520 // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface 1521 // <target portal>:<volume name> will be created for the connection. 1522 // +optional 1523 optional string initiatorName = 12; 1524} 1525 1526// Represents an ISCSI disk. 1527// ISCSI volumes can only be mounted as read/write once. 1528// ISCSI volumes support ownership management and SELinux relabeling. 1529message ISCSIVolumeSource { 1530 // iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port 1531 // is other than default (typically TCP ports 860 and 3260). 1532 optional string targetPortal = 1; 1533 1534 // Target iSCSI Qualified Name. 1535 optional string iqn = 2; 1536 1537 // iSCSI Target Lun number. 1538 optional int32 lun = 3; 1539 1540 // iSCSI Interface Name that uses an iSCSI transport. 1541 // Defaults to 'default' (tcp). 1542 // +optional 1543 optional string iscsiInterface = 4; 1544 1545 // Filesystem type of the volume that you want to mount. 1546 // Tip: Ensure that the filesystem type is supported by the host operating system. 1547 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 1548 // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 1549 // TODO: how do we prevent errors in the filesystem from compromising the machine 1550 // +optional 1551 optional string fsType = 5; 1552 1553 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 1554 // Defaults to false. 1555 // +optional 1556 optional bool readOnly = 6; 1557 1558 // iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port 1559 // is other than default (typically TCP ports 860 and 3260). 1560 // +optional 1561 repeated string portals = 7; 1562 1563 // whether support iSCSI Discovery CHAP authentication 1564 // +optional 1565 optional bool chapAuthDiscovery = 8; 1566 1567 // whether support iSCSI Session CHAP authentication 1568 // +optional 1569 optional bool chapAuthSession = 11; 1570 1571 // CHAP Secret for iSCSI target and initiator authentication 1572 // +optional 1573 optional LocalObjectReference secretRef = 10; 1574 1575 // Custom iSCSI Initiator Name. 1576 // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface 1577 // <target portal>:<volume name> will be created for the connection. 1578 // +optional 1579 optional string initiatorName = 12; 1580} 1581 1582// Maps a string key to a path within a volume. 1583message KeyToPath { 1584 // The key to project. 1585 optional string key = 1; 1586 1587 // The relative path of the file to map the key to. 1588 // May not be an absolute path. 1589 // May not contain the path element '..'. 1590 // May not start with the string '..'. 1591 optional string path = 2; 1592 1593 // Optional: mode bits to use on this file, must be a value between 0 1594 // and 0777. If not specified, the volume defaultMode will be used. 1595 // This might be in conflict with other options that affect the file 1596 // mode, like fsGroup, and the result can be other mode bits set. 1597 // +optional 1598 optional int32 mode = 3; 1599} 1600 1601// Lifecycle describes actions that the management system should take in response to container lifecycle 1602// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks 1603// until the action is complete, unless the container process fails, in which case the handler is aborted. 1604message Lifecycle { 1605 // PostStart is called immediately after a container is created. If the handler fails, 1606 // the container is terminated and restarted according to its restart policy. 1607 // Other management of the container blocks until the hook completes. 1608 // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1609 // +optional 1610 optional Handler postStart = 1; 1611 1612 // PreStop is called immediately before a container is terminated. 1613 // The container is terminated after the handler completes. 1614 // The reason for termination is passed to the handler. 1615 // Regardless of the outcome of the handler, the container is eventually terminated. 1616 // Other management of the container blocks until the hook completes. 1617 // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1618 // +optional 1619 optional Handler preStop = 2; 1620} 1621 1622// LimitRange sets resource usage limits for each kind of resource in a Namespace. 1623message LimitRange { 1624 // Standard object's metadata. 1625 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 1626 // +optional 1627 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1628 1629 // Spec defines the limits enforced. 1630 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 1631 // +optional 1632 optional LimitRangeSpec spec = 2; 1633} 1634 1635// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. 1636message LimitRangeItem { 1637 // Type of resource that this limit applies to. 1638 // +optional 1639 optional string type = 1; 1640 1641 // Max usage constraints on this kind by resource name. 1642 // +optional 1643 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> max = 2; 1644 1645 // Min usage constraints on this kind by resource name. 1646 // +optional 1647 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> min = 3; 1648 1649 // Default resource requirement limit value by resource name if resource limit is omitted. 1650 // +optional 1651 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> default = 4; 1652 1653 // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. 1654 // +optional 1655 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> defaultRequest = 5; 1656 1657 // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. 1658 // +optional 1659 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> maxLimitRequestRatio = 6; 1660} 1661 1662// LimitRangeList is a list of LimitRange items. 1663message LimitRangeList { 1664 // Standard list metadata. 1665 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 1666 // +optional 1667 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1668 1669 // Items is a list of LimitRange objects. 1670 // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ 1671 repeated LimitRange items = 2; 1672} 1673 1674// LimitRangeSpec defines a min/max usage limit for resources that match on kind. 1675message LimitRangeSpec { 1676 // Limits is the list of LimitRangeItem objects that are enforced. 1677 repeated LimitRangeItem limits = 1; 1678} 1679 1680// List holds a list of objects, which may not be known by the server. 1681message List { 1682 // Standard list metadata. 1683 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 1684 // +optional 1685 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1686 1687 // List of objects 1688 repeated k8s.io.apimachinery.pkg.runtime.RawExtension items = 2; 1689} 1690 1691// LoadBalancerIngress represents the status of a load-balancer ingress point: 1692// traffic intended for the service should be sent to an ingress point. 1693message LoadBalancerIngress { 1694 // IP is set for load-balancer ingress points that are IP based 1695 // (typically GCE or OpenStack load-balancers) 1696 // +optional 1697 optional string ip = 1; 1698 1699 // Hostname is set for load-balancer ingress points that are DNS based 1700 // (typically AWS load-balancers) 1701 // +optional 1702 optional string hostname = 2; 1703} 1704 1705// LoadBalancerStatus represents the status of a load-balancer. 1706message LoadBalancerStatus { 1707 // Ingress is a list containing ingress points for the load-balancer. 1708 // Traffic intended for the service should be sent to these ingress points. 1709 // +optional 1710 repeated LoadBalancerIngress ingress = 1; 1711} 1712 1713// LocalObjectReference contains enough information to let you locate the 1714// referenced object inside the same namespace. 1715message LocalObjectReference { 1716 // Name of the referent. 1717 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1718 // TODO: Add other useful fields. apiVersion, kind, uid? 1719 // +optional 1720 optional string name = 1; 1721} 1722 1723// Local represents directly-attached storage with node affinity (Beta feature) 1724message LocalVolumeSource { 1725 // The full path to the volume on the node. 1726 // It can be either a directory or block device (disk, partition, ...). 1727 // Directories can be represented only by PersistentVolume with VolumeMode=Filesystem. 1728 // Block devices can be represented only by VolumeMode=Block, which also requires the 1729 // BlockVolume alpha feature gate to be enabled. 1730 optional string path = 1; 1731} 1732 1733// Represents an NFS mount that lasts the lifetime of a pod. 1734// NFS volumes do not support ownership management or SELinux relabeling. 1735message NFSVolumeSource { 1736 // Server is the hostname or IP address of the NFS server. 1737 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 1738 optional string server = 1; 1739 1740 // Path that is exported by the NFS server. 1741 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 1742 optional string path = 2; 1743 1744 // ReadOnly here will force 1745 // the NFS export to be mounted with read-only permissions. 1746 // Defaults to false. 1747 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 1748 // +optional 1749 optional bool readOnly = 3; 1750} 1751 1752// Namespace provides a scope for Names. 1753// Use of multiple namespaces is optional. 1754message Namespace { 1755 // Standard object's metadata. 1756 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 1757 // +optional 1758 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1759 1760 // Spec defines the behavior of the Namespace. 1761 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 1762 // +optional 1763 optional NamespaceSpec spec = 2; 1764 1765 // Status describes the current status of a Namespace. 1766 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 1767 // +optional 1768 optional NamespaceStatus status = 3; 1769} 1770 1771// NamespaceList is a list of Namespaces. 1772message NamespaceList { 1773 // Standard list metadata. 1774 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 1775 // +optional 1776 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1777 1778 // Items is the list of Namespace objects in the list. 1779 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ 1780 repeated Namespace items = 2; 1781} 1782 1783// NamespaceSpec describes the attributes on a Namespace. 1784message NamespaceSpec { 1785 // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. 1786 // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ 1787 // +optional 1788 repeated string finalizers = 1; 1789} 1790 1791// NamespaceStatus is information about the current status of a Namespace. 1792message NamespaceStatus { 1793 // Phase is the current lifecycle phase of the namespace. 1794 // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ 1795 // +optional 1796 optional string phase = 1; 1797} 1798 1799// Node is a worker node in Kubernetes. 1800// Each node will have a unique identifier in the cache (i.e. in etcd). 1801message Node { 1802 // Standard object's metadata. 1803 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 1804 // +optional 1805 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 1806 1807 // Spec defines the behavior of a node. 1808 // https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 1809 // +optional 1810 optional NodeSpec spec = 2; 1811 1812 // Most recently observed status of the node. 1813 // Populated by the system. 1814 // Read-only. 1815 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 1816 // +optional 1817 optional NodeStatus status = 3; 1818} 1819 1820// NodeAddress contains information for the node's address. 1821message NodeAddress { 1822 // Node address type, one of Hostname, ExternalIP or InternalIP. 1823 optional string type = 1; 1824 1825 // The node address. 1826 optional string address = 2; 1827} 1828 1829// Node affinity is a group of node affinity scheduling rules. 1830message NodeAffinity { 1831 // If the affinity requirements specified by this field are not met at 1832 // scheduling time, the pod will not be scheduled onto the node. 1833 // If the affinity requirements specified by this field cease to be met 1834 // at some point during pod execution (e.g. due to an update), the system 1835 // may or may not try to eventually evict the pod from its node. 1836 // +optional 1837 optional NodeSelector requiredDuringSchedulingIgnoredDuringExecution = 1; 1838 1839 // The scheduler will prefer to schedule pods to nodes that satisfy 1840 // the affinity expressions specified by this field, but it may choose 1841 // a node that violates one or more of the expressions. The node that is 1842 // most preferred is the one with the greatest sum of weights, i.e. 1843 // for each node that meets all of the scheduling requirements (resource 1844 // request, requiredDuringScheduling affinity expressions, etc.), 1845 // compute a sum by iterating through the elements of this field and adding 1846 // "weight" to the sum if the node matches the corresponding matchExpressions; the 1847 // node(s) with the highest sum are the most preferred. 1848 // +optional 1849 repeated PreferredSchedulingTerm preferredDuringSchedulingIgnoredDuringExecution = 2; 1850} 1851 1852// NodeCondition contains condition information for a node. 1853message NodeCondition { 1854 // Type of node condition. 1855 optional string type = 1; 1856 1857 // Status of the condition, one of True, False, Unknown. 1858 optional string status = 2; 1859 1860 // Last time we got an update on a given condition. 1861 // +optional 1862 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastHeartbeatTime = 3; 1863 1864 // Last time the condition transit from one status to another. 1865 // +optional 1866 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; 1867 1868 // (brief) reason for the condition's last transition. 1869 // +optional 1870 optional string reason = 5; 1871 1872 // Human readable message indicating details about last transition. 1873 // +optional 1874 optional string message = 6; 1875} 1876 1877// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. 1878message NodeConfigSource { 1879 // ConfigMap is a reference to a Node's ConfigMap 1880 optional ConfigMapNodeConfigSource configMap = 2; 1881} 1882 1883// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. 1884message NodeConfigStatus { 1885 // Assigned reports the checkpointed config the node will try to use. 1886 // When Node.Spec.ConfigSource is updated, the node checkpoints the associated 1887 // config payload to local disk, along with a record indicating intended 1888 // config. The node refers to this record to choose its config checkpoint, and 1889 // reports this record in Assigned. Assigned only updates in the status after 1890 // the record has been checkpointed to disk. When the Kubelet is restarted, 1891 // it tries to make the Assigned config the Active config by loading and 1892 // validating the checkpointed payload identified by Assigned. 1893 // +optional 1894 optional NodeConfigSource assigned = 1; 1895 1896 // Active reports the checkpointed config the node is actively using. 1897 // Active will represent either the current version of the Assigned config, 1898 // or the current LastKnownGood config, depending on whether attempting to use the 1899 // Assigned config results in an error. 1900 // +optional 1901 optional NodeConfigSource active = 2; 1902 1903 // LastKnownGood reports the checkpointed config the node will fall back to 1904 // when it encounters an error attempting to use the Assigned config. 1905 // The Assigned config becomes the LastKnownGood config when the node determines 1906 // that the Assigned config is stable and correct. 1907 // This is currently implemented as a 10-minute soak period starting when the local 1908 // record of Assigned config is updated. If the Assigned config is Active at the end 1909 // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is 1910 // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, 1911 // because the local default config is always assumed good. 1912 // You should not make assumptions about the node's method of determining config stability 1913 // and correctness, as this may change or become configurable in the future. 1914 // +optional 1915 optional NodeConfigSource lastKnownGood = 3; 1916 1917 // Error describes any problems reconciling the Spec.ConfigSource to the Active config. 1918 // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned 1919 // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting 1920 // to load or validate the Assigned config, etc. 1921 // Errors may occur at different points while syncing config. Earlier errors (e.g. download or 1922 // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across 1923 // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in 1924 // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error 1925 // by fixing the config assigned in Spec.ConfigSource. 1926 // You can find additional information for debugging by searching the error message in the Kubelet log. 1927 // Error is a human-readable description of the error state; machines can check whether or not Error 1928 // is empty, but should not rely on the stability of the Error text across Kubelet versions. 1929 // +optional 1930 optional string error = 4; 1931} 1932 1933// NodeDaemonEndpoints lists ports opened by daemons running on the Node. 1934message NodeDaemonEndpoints { 1935 // Endpoint on which Kubelet is listening. 1936 // +optional 1937 optional DaemonEndpoint kubeletEndpoint = 1; 1938} 1939 1940// NodeList is the whole list of all Nodes which have been registered with master. 1941message NodeList { 1942 // Standard list metadata. 1943 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 1944 // +optional 1945 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 1946 1947 // List of nodes 1948 repeated Node items = 2; 1949} 1950 1951// NodeProxyOptions is the query options to a Node's proxy call. 1952message NodeProxyOptions { 1953 // Path is the URL path to use for the current proxy request to node. 1954 // +optional 1955 optional string path = 1; 1956} 1957 1958// NodeResources is an object for conveying resource information about a node. 1959// see http://releases.k8s.io/HEAD/docs/design/resources.md for more details. 1960message NodeResources { 1961 // Capacity represents the available resources of a node 1962 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 1; 1963} 1964 1965// A node selector represents the union of the results of one or more label queries 1966// over a set of nodes; that is, it represents the OR of the selectors represented 1967// by the node selector terms. 1968message NodeSelector { 1969 // Required. A list of node selector terms. The terms are ORed. 1970 repeated NodeSelectorTerm nodeSelectorTerms = 1; 1971} 1972 1973// A node selector requirement is a selector that contains values, a key, and an operator 1974// that relates the key and values. 1975message NodeSelectorRequirement { 1976 // The label key that the selector applies to. 1977 optional string key = 1; 1978 1979 // Represents a key's relationship to a set of values. 1980 // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 1981 optional string operator = 2; 1982 1983 // An array of string values. If the operator is In or NotIn, 1984 // the values array must be non-empty. If the operator is Exists or DoesNotExist, 1985 // the values array must be empty. If the operator is Gt or Lt, the values 1986 // array must have a single element, which will be interpreted as an integer. 1987 // This array is replaced during a strategic merge patch. 1988 // +optional 1989 repeated string values = 3; 1990} 1991 1992// A null or empty node selector term matches no objects. The requirements of 1993// them are ANDed. 1994// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 1995message NodeSelectorTerm { 1996 // A list of node selector requirements by node's labels. 1997 // +optional 1998 repeated NodeSelectorRequirement matchExpressions = 1; 1999 2000 // A list of node selector requirements by node's fields. 2001 // +optional 2002 repeated NodeSelectorRequirement matchFields = 2; 2003} 2004 2005// NodeSpec describes the attributes that a node is created with. 2006message NodeSpec { 2007 // PodCIDR represents the pod IP range assigned to the node. 2008 // +optional 2009 optional string podCIDR = 1; 2010 2011 // ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID> 2012 // +optional 2013 optional string providerID = 3; 2014 2015 // Unschedulable controls node schedulability of new pods. By default, node is schedulable. 2016 // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration 2017 // +optional 2018 optional bool unschedulable = 4; 2019 2020 // If specified, the node's taints. 2021 // +optional 2022 repeated Taint taints = 5; 2023 2024 // If specified, the source to get node configuration from 2025 // The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field 2026 // +optional 2027 optional NodeConfigSource configSource = 6; 2028 2029 // Deprecated. Not all kubelets will set this field. Remove field after 1.13. 2030 // see: https://issues.k8s.io/61966 2031 // +optional 2032 optional string externalID = 2; 2033} 2034 2035// NodeStatus is information about the current status of a node. 2036message NodeStatus { 2037 // Capacity represents the total resources of a node. 2038 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity 2039 // +optional 2040 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 1; 2041 2042 // Allocatable represents the resources of a node that are available for scheduling. 2043 // Defaults to Capacity. 2044 // +optional 2045 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> allocatable = 2; 2046 2047 // NodePhase is the recently observed lifecycle phase of the node. 2048 // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase 2049 // The field is never populated, and now is deprecated. 2050 // +optional 2051 optional string phase = 3; 2052 2053 // Conditions is an array of current observed node conditions. 2054 // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition 2055 // +optional 2056 // +patchMergeKey=type 2057 // +patchStrategy=merge 2058 repeated NodeCondition conditions = 4; 2059 2060 // List of addresses reachable to the node. 2061 // Queried from cloud provider, if available. 2062 // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses 2063 // +optional 2064 // +patchMergeKey=type 2065 // +patchStrategy=merge 2066 repeated NodeAddress addresses = 5; 2067 2068 // Endpoints of daemons running on the Node. 2069 // +optional 2070 optional NodeDaemonEndpoints daemonEndpoints = 6; 2071 2072 // Set of ids/uuids to uniquely identify the node. 2073 // More info: https://kubernetes.io/docs/concepts/nodes/node/#info 2074 // +optional 2075 optional NodeSystemInfo nodeInfo = 7; 2076 2077 // List of container images on this node 2078 // +optional 2079 repeated ContainerImage images = 8; 2080 2081 // List of attachable volumes in use (mounted) by the node. 2082 // +optional 2083 repeated string volumesInUse = 9; 2084 2085 // List of volumes that are attached to the node. 2086 // +optional 2087 repeated AttachedVolume volumesAttached = 10; 2088 2089 // Status of the config assigned to the node via the dynamic Kubelet config feature. 2090 // +optional 2091 optional NodeConfigStatus config = 11; 2092} 2093 2094// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. 2095message NodeSystemInfo { 2096 // MachineID reported by the node. For unique machine identification 2097 // in the cluster this field is preferred. Learn more from man(5) 2098 // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html 2099 optional string machineID = 1; 2100 2101 // SystemUUID reported by the node. For unique machine identification 2102 // MachineID is preferred. This field is specific to Red Hat hosts 2103 // https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/getting-system-uuid.html 2104 optional string systemUUID = 2; 2105 2106 // Boot ID reported by the node. 2107 optional string bootID = 3; 2108 2109 // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). 2110 optional string kernelVersion = 4; 2111 2112 // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). 2113 optional string osImage = 5; 2114 2115 // ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0). 2116 optional string containerRuntimeVersion = 6; 2117 2118 // Kubelet Version reported by the node. 2119 optional string kubeletVersion = 7; 2120 2121 // KubeProxy Version reported by the node. 2122 optional string kubeProxyVersion = 8; 2123 2124 // The Operating System reported by the node 2125 optional string operatingSystem = 9; 2126 2127 // The Architecture reported by the node 2128 optional string architecture = 10; 2129} 2130 2131// ObjectFieldSelector selects an APIVersioned field of an object. 2132message ObjectFieldSelector { 2133 // Version of the schema the FieldPath is written in terms of, defaults to "v1". 2134 // +optional 2135 optional string apiVersion = 1; 2136 2137 // Path of the field to select in the specified API version. 2138 optional string fieldPath = 2; 2139} 2140 2141// ObjectReference contains enough information to let you inspect or modify the referred object. 2142// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 2143message ObjectReference { 2144 // Kind of the referent. 2145 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 2146 // +optional 2147 optional string kind = 1; 2148 2149 // Namespace of the referent. 2150 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ 2151 // +optional 2152 optional string namespace = 2; 2153 2154 // Name of the referent. 2155 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2156 // +optional 2157 optional string name = 3; 2158 2159 // UID of the referent. 2160 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids 2161 // +optional 2162 optional string uid = 4; 2163 2164 // API version of the referent. 2165 // +optional 2166 optional string apiVersion = 5; 2167 2168 // Specific resourceVersion to which this reference is made, if any. 2169 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency 2170 // +optional 2171 optional string resourceVersion = 6; 2172 2173 // If referring to a piece of an object instead of an entire object, this string 2174 // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 2175 // For example, if the object reference is to a container within a pod, this would take on a value like: 2176 // "spec.containers{name}" (where "name" refers to the name of the container that triggered 2177 // the event) or if no container name is specified "spec.containers[2]" (container with 2178 // index 2 in this pod). This syntax is chosen only to have some well-defined way of 2179 // referencing a part of an object. 2180 // TODO: this design is not final and this field is subject to change in the future. 2181 // +optional 2182 optional string fieldPath = 7; 2183} 2184 2185// PersistentVolume (PV) is a storage resource provisioned by an administrator. 2186// It is analogous to a node. 2187// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes 2188message PersistentVolume { 2189 // Standard object's metadata. 2190 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 2191 // +optional 2192 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 2193 2194 // Spec defines a specification of a persistent volume owned by the cluster. 2195 // Provisioned by an administrator. 2196 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes 2197 // +optional 2198 optional PersistentVolumeSpec spec = 2; 2199 2200 // Status represents the current information/status for the persistent volume. 2201 // Populated by the system. 2202 // Read-only. 2203 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes 2204 // +optional 2205 optional PersistentVolumeStatus status = 3; 2206} 2207 2208// PersistentVolumeClaim is a user's request for and claim to a persistent volume 2209message PersistentVolumeClaim { 2210 // Standard object's metadata. 2211 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 2212 // +optional 2213 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 2214 2215 // Spec defines the desired characteristics of a volume requested by a pod author. 2216 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 2217 // +optional 2218 optional PersistentVolumeClaimSpec spec = 2; 2219 2220 // Status represents the current information/status of a persistent volume claim. 2221 // Read-only. 2222 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 2223 // +optional 2224 optional PersistentVolumeClaimStatus status = 3; 2225} 2226 2227// PersistentVolumeClaimCondition contails details about state of pvc 2228message PersistentVolumeClaimCondition { 2229 optional string type = 1; 2230 2231 optional string status = 2; 2232 2233 // Last time we probed the condition. 2234 // +optional 2235 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3; 2236 2237 // Last time the condition transitioned from one status to another. 2238 // +optional 2239 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; 2240 2241 // Unique, this should be a short, machine understandable string that gives the reason 2242 // for condition's last transition. If it reports "ResizeStarted" that means the underlying 2243 // persistent volume is being resized. 2244 // +optional 2245 optional string reason = 5; 2246 2247 // Human-readable message indicating details about last transition. 2248 // +optional 2249 optional string message = 6; 2250} 2251 2252// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. 2253message PersistentVolumeClaimList { 2254 // Standard list metadata. 2255 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 2256 // +optional 2257 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 2258 2259 // A list of persistent volume claims. 2260 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 2261 repeated PersistentVolumeClaim items = 2; 2262} 2263 2264// PersistentVolumeClaimSpec describes the common attributes of storage devices 2265// and allows a Source for provider-specific attributes 2266message PersistentVolumeClaimSpec { 2267 // AccessModes contains the desired access modes the volume should have. 2268 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 2269 // +optional 2270 repeated string accessModes = 1; 2271 2272 // A label query over volumes to consider for binding. 2273 // +optional 2274 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 4; 2275 2276 // Resources represents the minimum resources the volume should have. 2277 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 2278 // +optional 2279 optional ResourceRequirements resources = 2; 2280 2281 // VolumeName is the binding reference to the PersistentVolume backing this claim. 2282 // +optional 2283 optional string volumeName = 3; 2284 2285 // Name of the StorageClass required by the claim. 2286 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 2287 // +optional 2288 optional string storageClassName = 5; 2289 2290 // volumeMode defines what type of volume is required by the claim. 2291 // Value of Filesystem is implied when not included in claim spec. 2292 // This is an alpha feature and may change in the future. 2293 // +optional 2294 optional string volumeMode = 6; 2295} 2296 2297// PersistentVolumeClaimStatus is the current status of a persistent volume claim. 2298message PersistentVolumeClaimStatus { 2299 // Phase represents the current phase of PersistentVolumeClaim. 2300 // +optional 2301 optional string phase = 1; 2302 2303 // AccessModes contains the actual access modes the volume backing the PVC has. 2304 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 2305 // +optional 2306 repeated string accessModes = 2; 2307 2308 // Represents the actual resources of the underlying volume. 2309 // +optional 2310 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 3; 2311 2312 // Current Condition of persistent volume claim. If underlying persistent volume is being 2313 // resized then the Condition will be set to 'ResizeStarted'. 2314 // +optional 2315 // +patchMergeKey=type 2316 // +patchStrategy=merge 2317 repeated PersistentVolumeClaimCondition conditions = 4; 2318} 2319 2320// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. 2321// This volume finds the bound PV and mounts that volume for the pod. A 2322// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another 2323// type of volume that is owned by someone else (the system). 2324message PersistentVolumeClaimVolumeSource { 2325 // ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 2326 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 2327 optional string claimName = 1; 2328 2329 // Will force the ReadOnly setting in VolumeMounts. 2330 // Default false. 2331 // +optional 2332 optional bool readOnly = 2; 2333} 2334 2335// PersistentVolumeList is a list of PersistentVolume items. 2336message PersistentVolumeList { 2337 // Standard list metadata. 2338 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 2339 // +optional 2340 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 2341 2342 // List of persistent volumes. 2343 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes 2344 repeated PersistentVolume items = 2; 2345} 2346 2347// PersistentVolumeSource is similar to VolumeSource but meant for the 2348// administrator who creates PVs. Exactly one of its members must be set. 2349message PersistentVolumeSource { 2350 // GCEPersistentDisk represents a GCE Disk resource that is attached to a 2351 // kubelet's host machine and then exposed to the pod. Provisioned by an admin. 2352 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 2353 // +optional 2354 optional GCEPersistentDiskVolumeSource gcePersistentDisk = 1; 2355 2356 // AWSElasticBlockStore represents an AWS Disk resource that is attached to a 2357 // kubelet's host machine and then exposed to the pod. 2358 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 2359 // +optional 2360 optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 2; 2361 2362 // HostPath represents a directory on the host. 2363 // Provisioned by a developer or tester. 2364 // This is useful for single-node development and testing only! 2365 // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. 2366 // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 2367 // +optional 2368 optional HostPathVolumeSource hostPath = 3; 2369 2370 // Glusterfs represents a Glusterfs volume that is attached to a host and 2371 // exposed to the pod. Provisioned by an admin. 2372 // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md 2373 // +optional 2374 optional GlusterfsVolumeSource glusterfs = 4; 2375 2376 // NFS represents an NFS mount on the host. Provisioned by an admin. 2377 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 2378 // +optional 2379 optional NFSVolumeSource nfs = 5; 2380 2381 // RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. 2382 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md 2383 // +optional 2384 optional RBDPersistentVolumeSource rbd = 6; 2385 2386 // ISCSI represents an ISCSI Disk resource that is attached to a 2387 // kubelet's host machine and then exposed to the pod. Provisioned by an admin. 2388 // +optional 2389 optional ISCSIPersistentVolumeSource iscsi = 7; 2390 2391 // Cinder represents a cinder volume attached and mounted on kubelets host machine 2392 // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md 2393 // +optional 2394 optional CinderPersistentVolumeSource cinder = 8; 2395 2396 // CephFS represents a Ceph FS mount on the host that shares a pod's lifetime 2397 // +optional 2398 optional CephFSPersistentVolumeSource cephfs = 9; 2399 2400 // FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 2401 // +optional 2402 optional FCVolumeSource fc = 10; 2403 2404 // Flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running 2405 // +optional 2406 optional FlockerVolumeSource flocker = 11; 2407 2408 // FlexVolume represents a generic volume resource that is 2409 // provisioned/attached using an exec based plugin. 2410 // +optional 2411 optional FlexPersistentVolumeSource flexVolume = 12; 2412 2413 // AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 2414 // +optional 2415 optional AzureFilePersistentVolumeSource azureFile = 13; 2416 2417 // VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 2418 // +optional 2419 optional VsphereVirtualDiskVolumeSource vsphereVolume = 14; 2420 2421 // Quobyte represents a Quobyte mount on the host that shares a pod's lifetime 2422 // +optional 2423 optional QuobyteVolumeSource quobyte = 15; 2424 2425 // AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 2426 // +optional 2427 optional AzureDiskVolumeSource azureDisk = 16; 2428 2429 // PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine 2430 optional PhotonPersistentDiskVolumeSource photonPersistentDisk = 17; 2431 2432 // PortworxVolume represents a portworx volume attached and mounted on kubelets host machine 2433 // +optional 2434 optional PortworxVolumeSource portworxVolume = 18; 2435 2436 // ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 2437 // +optional 2438 optional ScaleIOPersistentVolumeSource scaleIO = 19; 2439 2440 // Local represents directly-attached storage with node affinity 2441 // +optional 2442 optional LocalVolumeSource local = 20; 2443 2444 // StorageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod 2445 // More info: https://releases.k8s.io/HEAD/examples/volumes/storageos/README.md 2446 // +optional 2447 optional StorageOSPersistentVolumeSource storageos = 21; 2448 2449 // CSI represents storage that handled by an external CSI driver (Beta feature). 2450 // +optional 2451 optional CSIPersistentVolumeSource csi = 22; 2452} 2453 2454// PersistentVolumeSpec is the specification of a persistent volume. 2455message PersistentVolumeSpec { 2456 // A description of the persistent volume's resources and capacity. 2457 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity 2458 // +optional 2459 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 1; 2460 2461 // The actual volume backing the persistent volume. 2462 optional PersistentVolumeSource persistentVolumeSource = 2; 2463 2464 // AccessModes contains all ways the volume can be mounted. 2465 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes 2466 // +optional 2467 repeated string accessModes = 3; 2468 2469 // ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. 2470 // Expected to be non-nil when bound. 2471 // claim.VolumeName is the authoritative bind between PV and PVC. 2472 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding 2473 // +optional 2474 optional ObjectReference claimRef = 4; 2475 2476 // What happens to a persistent volume when released from its claim. 2477 // Valid options are Retain (default for manually created PersistentVolumes), Delete (default 2478 // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). 2479 // Recycle must be supported by the volume plugin underlying this PersistentVolume. 2480 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming 2481 // +optional 2482 optional string persistentVolumeReclaimPolicy = 5; 2483 2484 // Name of StorageClass to which this persistent volume belongs. Empty value 2485 // means that this volume does not belong to any StorageClass. 2486 // +optional 2487 optional string storageClassName = 6; 2488 2489 // A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will 2490 // simply fail if one is invalid. 2491 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options 2492 // +optional 2493 repeated string mountOptions = 7; 2494 2495 // volumeMode defines if a volume is intended to be used with a formatted filesystem 2496 // or to remain in raw block state. Value of Filesystem is implied when not included in spec. 2497 // This is an alpha feature and may change in the future. 2498 // +optional 2499 optional string volumeMode = 8; 2500 2501 // NodeAffinity defines constraints that limit what nodes this volume can be accessed from. 2502 // This field influences the scheduling of pods that use this volume. 2503 // +optional 2504 optional VolumeNodeAffinity nodeAffinity = 9; 2505} 2506 2507// PersistentVolumeStatus is the current status of a persistent volume. 2508message PersistentVolumeStatus { 2509 // Phase indicates if a volume is available, bound to a claim, or released by a claim. 2510 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase 2511 // +optional 2512 optional string phase = 1; 2513 2514 // A human-readable message indicating details about why the volume is in this state. 2515 // +optional 2516 optional string message = 2; 2517 2518 // Reason is a brief CamelCase string that describes any failure and is meant 2519 // for machine parsing and tidy display in the CLI. 2520 // +optional 2521 optional string reason = 3; 2522} 2523 2524// Represents a Photon Controller persistent disk resource. 2525message PhotonPersistentDiskVolumeSource { 2526 // ID that identifies Photon Controller persistent disk 2527 optional string pdID = 1; 2528 2529 // Filesystem type to mount. 2530 // Must be a filesystem type supported by the host operating system. 2531 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 2532 optional string fsType = 2; 2533} 2534 2535// Pod is a collection of containers that can run on a host. This resource is created 2536// by clients and scheduled onto hosts. 2537message Pod { 2538 // Standard object's metadata. 2539 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 2540 // +optional 2541 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 2542 2543 // Specification of the desired behavior of the pod. 2544 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 2545 // +optional 2546 optional PodSpec spec = 2; 2547 2548 // Most recently observed status of the pod. 2549 // This data may not be up to date. 2550 // Populated by the system. 2551 // Read-only. 2552 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 2553 // +optional 2554 optional PodStatus status = 3; 2555} 2556 2557// Pod affinity is a group of inter pod affinity scheduling rules. 2558message PodAffinity { 2559 // If the affinity requirements specified by this field are not met at 2560 // scheduling time, the pod will not be scheduled onto the node. 2561 // If the affinity requirements specified by this field cease to be met 2562 // at some point during pod execution (e.g. due to a pod label update), the 2563 // system may or may not try to eventually evict the pod from its node. 2564 // When there are multiple elements, the lists of nodes corresponding to each 2565 // podAffinityTerm are intersected, i.e. all terms must be satisfied. 2566 // +optional 2567 repeated PodAffinityTerm requiredDuringSchedulingIgnoredDuringExecution = 1; 2568 2569 // The scheduler will prefer to schedule pods to nodes that satisfy 2570 // the affinity expressions specified by this field, but it may choose 2571 // a node that violates one or more of the expressions. The node that is 2572 // most preferred is the one with the greatest sum of weights, i.e. 2573 // for each node that meets all of the scheduling requirements (resource 2574 // request, requiredDuringScheduling affinity expressions, etc.), 2575 // compute a sum by iterating through the elements of this field and adding 2576 // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 2577 // node(s) with the highest sum are the most preferred. 2578 // +optional 2579 repeated WeightedPodAffinityTerm preferredDuringSchedulingIgnoredDuringExecution = 2; 2580} 2581 2582// Defines a set of pods (namely those matching the labelSelector 2583// relative to the given namespace(s)) that this pod should be 2584// co-located (affinity) or not co-located (anti-affinity) with, 2585// where co-located is defined as running on a node whose value of 2586// the label with key <topologyKey> matches that of any node on which 2587// a pod of the set of pods is running 2588message PodAffinityTerm { 2589 // A label query over a set of resources, in this case pods. 2590 // +optional 2591 optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 1; 2592 2593 // namespaces specifies which namespaces the labelSelector applies to (matches against); 2594 // null or empty list means "this pod's namespace" 2595 // +optional 2596 repeated string namespaces = 2; 2597 2598 // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 2599 // the labelSelector in the specified namespaces, where co-located is defined as running on a node 2600 // whose value of the label with key topologyKey matches that of any node on which any of the 2601 // selected pods is running. 2602 // Empty topologyKey is not allowed. 2603 optional string topologyKey = 3; 2604} 2605 2606// Pod anti affinity is a group of inter pod anti affinity scheduling rules. 2607message PodAntiAffinity { 2608 // If the anti-affinity requirements specified by this field are not met at 2609 // scheduling time, the pod will not be scheduled onto the node. 2610 // If the anti-affinity requirements specified by this field cease to be met 2611 // at some point during pod execution (e.g. due to a pod label update), the 2612 // system may or may not try to eventually evict the pod from its node. 2613 // When there are multiple elements, the lists of nodes corresponding to each 2614 // podAffinityTerm are intersected, i.e. all terms must be satisfied. 2615 // +optional 2616 repeated PodAffinityTerm requiredDuringSchedulingIgnoredDuringExecution = 1; 2617 2618 // The scheduler will prefer to schedule pods to nodes that satisfy 2619 // the anti-affinity expressions specified by this field, but it may choose 2620 // a node that violates one or more of the expressions. The node that is 2621 // most preferred is the one with the greatest sum of weights, i.e. 2622 // for each node that meets all of the scheduling requirements (resource 2623 // request, requiredDuringScheduling anti-affinity expressions, etc.), 2624 // compute a sum by iterating through the elements of this field and adding 2625 // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 2626 // node(s) with the highest sum are the most preferred. 2627 // +optional 2628 repeated WeightedPodAffinityTerm preferredDuringSchedulingIgnoredDuringExecution = 2; 2629} 2630 2631// PodAttachOptions is the query options to a Pod's remote attach call. 2632// --- 2633// TODO: merge w/ PodExecOptions below for stdin, stdout, etc 2634// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY 2635message PodAttachOptions { 2636 // Stdin if true, redirects the standard input stream of the pod for this call. 2637 // Defaults to false. 2638 // +optional 2639 optional bool stdin = 1; 2640 2641 // Stdout if true indicates that stdout is to be redirected for the attach call. 2642 // Defaults to true. 2643 // +optional 2644 optional bool stdout = 2; 2645 2646 // Stderr if true indicates that stderr is to be redirected for the attach call. 2647 // Defaults to true. 2648 // +optional 2649 optional bool stderr = 3; 2650 2651 // TTY if true indicates that a tty will be allocated for the attach call. 2652 // This is passed through the container runtime so the tty 2653 // is allocated on the worker node by the container runtime. 2654 // Defaults to false. 2655 // +optional 2656 optional bool tty = 4; 2657 2658 // The container in which to execute the command. 2659 // Defaults to only container if there is only one container in the pod. 2660 // +optional 2661 optional string container = 5; 2662} 2663 2664// PodCondition contains details for the current condition of this pod. 2665message PodCondition { 2666 // Type is the type of the condition. 2667 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions 2668 optional string type = 1; 2669 2670 // Status is the status of the condition. 2671 // Can be True, False, Unknown. 2672 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions 2673 optional string status = 2; 2674 2675 // Last time we probed the condition. 2676 // +optional 2677 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3; 2678 2679 // Last time the condition transitioned from one status to another. 2680 // +optional 2681 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; 2682 2683 // Unique, one-word, CamelCase reason for the condition's last transition. 2684 // +optional 2685 optional string reason = 5; 2686 2687 // Human-readable message indicating details about last transition. 2688 // +optional 2689 optional string message = 6; 2690} 2691 2692// PodDNSConfig defines the DNS parameters of a pod in addition to 2693// those generated from DNSPolicy. 2694message PodDNSConfig { 2695 // A list of DNS name server IP addresses. 2696 // This will be appended to the base nameservers generated from DNSPolicy. 2697 // Duplicated nameservers will be removed. 2698 // +optional 2699 repeated string nameservers = 1; 2700 2701 // A list of DNS search domains for host-name lookup. 2702 // This will be appended to the base search paths generated from DNSPolicy. 2703 // Duplicated search paths will be removed. 2704 // +optional 2705 repeated string searches = 2; 2706 2707 // A list of DNS resolver options. 2708 // This will be merged with the base options generated from DNSPolicy. 2709 // Duplicated entries will be removed. Resolution options given in Options 2710 // will override those that appear in the base DNSPolicy. 2711 // +optional 2712 repeated PodDNSConfigOption options = 3; 2713} 2714 2715// PodDNSConfigOption defines DNS resolver options of a pod. 2716message PodDNSConfigOption { 2717 // Required. 2718 optional string name = 1; 2719 2720 // +optional 2721 optional string value = 2; 2722} 2723 2724// PodExecOptions is the query options to a Pod's remote exec call. 2725// --- 2726// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging 2727// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY 2728message PodExecOptions { 2729 // Redirect the standard input stream of the pod for this call. 2730 // Defaults to false. 2731 // +optional 2732 optional bool stdin = 1; 2733 2734 // Redirect the standard output stream of the pod for this call. 2735 // Defaults to true. 2736 // +optional 2737 optional bool stdout = 2; 2738 2739 // Redirect the standard error stream of the pod for this call. 2740 // Defaults to true. 2741 // +optional 2742 optional bool stderr = 3; 2743 2744 // TTY if true indicates that a tty will be allocated for the exec call. 2745 // Defaults to false. 2746 // +optional 2747 optional bool tty = 4; 2748 2749 // Container in which to execute the command. 2750 // Defaults to only container if there is only one container in the pod. 2751 // +optional 2752 optional string container = 5; 2753 2754 // Command is the remote command to execute. argv array. Not executed within a shell. 2755 repeated string command = 6; 2756} 2757 2758// PodList is a list of Pods. 2759message PodList { 2760 // Standard list metadata. 2761 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 2762 // +optional 2763 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 2764 2765 // List of pods. 2766 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md 2767 repeated Pod items = 2; 2768} 2769 2770// PodLogOptions is the query options for a Pod's logs REST call. 2771message PodLogOptions { 2772 // The container for which to stream logs. Defaults to only container if there is one container in the pod. 2773 // +optional 2774 optional string container = 1; 2775 2776 // Follow the log stream of the pod. Defaults to false. 2777 // +optional 2778 optional bool follow = 2; 2779 2780 // Return previous terminated container logs. Defaults to false. 2781 // +optional 2782 optional bool previous = 3; 2783 2784 // A relative time in seconds before the current time from which to show logs. If this value 2785 // precedes the time a pod was started, only logs since the pod start will be returned. 2786 // If this value is in the future, no logs will be returned. 2787 // Only one of sinceSeconds or sinceTime may be specified. 2788 // +optional 2789 optional int64 sinceSeconds = 4; 2790 2791 // An RFC3339 timestamp from which to show logs. If this value 2792 // precedes the time a pod was started, only logs since the pod start will be returned. 2793 // If this value is in the future, no logs will be returned. 2794 // Only one of sinceSeconds or sinceTime may be specified. 2795 // +optional 2796 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time sinceTime = 5; 2797 2798 // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line 2799 // of log output. Defaults to false. 2800 // +optional 2801 optional bool timestamps = 6; 2802 2803 // If set, the number of lines from the end of the logs to show. If not specified, 2804 // logs are shown from the creation of the container or sinceSeconds or sinceTime 2805 // +optional 2806 optional int64 tailLines = 7; 2807 2808 // If set, the number of bytes to read from the server before terminating the 2809 // log output. This may not display a complete final line of logging, and may return 2810 // slightly more or slightly less than the specified limit. 2811 // +optional 2812 optional int64 limitBytes = 8; 2813} 2814 2815// PodPortForwardOptions is the query options to a Pod's port forward call 2816// when using WebSockets. 2817// The `port` query parameter must specify the port or 2818// ports (comma separated) to forward over. 2819// Port forwarding over SPDY does not use these options. It requires the port 2820// to be passed in the `port` header as part of request. 2821message PodPortForwardOptions { 2822 // List of ports to forward 2823 // Required when using WebSockets 2824 // +optional 2825 repeated int32 ports = 1; 2826} 2827 2828// PodProxyOptions is the query options to a Pod's proxy call. 2829message PodProxyOptions { 2830 // Path is the URL path to use for the current proxy request to pod. 2831 // +optional 2832 optional string path = 1; 2833} 2834 2835// PodReadinessGate contains the reference to a pod condition 2836message PodReadinessGate { 2837 // ConditionType refers to a condition in the pod's condition list with matching type. 2838 optional string conditionType = 1; 2839} 2840 2841// PodSecurityContext holds pod-level security attributes and common container settings. 2842// Some fields are also present in container.securityContext. Field values of 2843// container.securityContext take precedence over field values of PodSecurityContext. 2844message PodSecurityContext { 2845 // The SELinux context to be applied to all containers. 2846 // If unspecified, the container runtime will allocate a random SELinux context for each 2847 // container. May also be set in SecurityContext. If set in 2848 // both SecurityContext and PodSecurityContext, the value specified in SecurityContext 2849 // takes precedence for that container. 2850 // +optional 2851 optional SELinuxOptions seLinuxOptions = 1; 2852 2853 // The UID to run the entrypoint of the container process. 2854 // Defaults to user specified in image metadata if unspecified. 2855 // May also be set in SecurityContext. If set in both SecurityContext and 2856 // PodSecurityContext, the value specified in SecurityContext takes precedence 2857 // for that container. 2858 // +optional 2859 optional int64 runAsUser = 2; 2860 2861 // The GID to run the entrypoint of the container process. 2862 // Uses runtime default if unset. 2863 // May also be set in SecurityContext. If set in both SecurityContext and 2864 // PodSecurityContext, the value specified in SecurityContext takes precedence 2865 // for that container. 2866 // +optional 2867 optional int64 runAsGroup = 6; 2868 2869 // Indicates that the container must run as a non-root user. 2870 // If true, the Kubelet will validate the image at runtime to ensure that it 2871 // does not run as UID 0 (root) and fail to start the container if it does. 2872 // If unset or false, no such validation will be performed. 2873 // May also be set in SecurityContext. If set in both SecurityContext and 2874 // PodSecurityContext, the value specified in SecurityContext takes precedence. 2875 // +optional 2876 optional bool runAsNonRoot = 3; 2877 2878 // A list of groups applied to the first process run in each container, in addition 2879 // to the container's primary GID. If unspecified, no groups will be added to 2880 // any container. 2881 // +optional 2882 repeated int64 supplementalGroups = 4; 2883 2884 // A special supplemental group that applies to all containers in a pod. 2885 // Some volume types allow the Kubelet to change the ownership of that volume 2886 // to be owned by the pod: 2887 // 2888 // 1. The owning GID will be the FSGroup 2889 // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 2890 // 3. The permission bits are OR'd with rw-rw---- 2891 // 2892 // If unset, the Kubelet will not modify the ownership and permissions of any volume. 2893 // +optional 2894 optional int64 fsGroup = 5; 2895 2896 // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported 2897 // sysctls (by the container runtime) might fail to launch. 2898 // +optional 2899 repeated Sysctl sysctls = 7; 2900} 2901 2902// Describes the class of pods that should avoid this node. 2903// Exactly one field should be set. 2904message PodSignature { 2905 // Reference to controller whose pods should avoid this node. 2906 // +optional 2907 optional k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference podController = 1; 2908} 2909 2910// PodSpec is a description of a pod. 2911message PodSpec { 2912 // List of volumes that can be mounted by containers belonging to the pod. 2913 // More info: https://kubernetes.io/docs/concepts/storage/volumes 2914 // +optional 2915 // +patchMergeKey=name 2916 // +patchStrategy=merge,retainKeys 2917 repeated Volume volumes = 1; 2918 2919 // List of initialization containers belonging to the pod. 2920 // Init containers are executed in order prior to containers being started. If any 2921 // init container fails, the pod is considered to have failed and is handled according 2922 // to its restartPolicy. The name for an init container or normal container must be 2923 // unique among all containers. 2924 // Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes. 2925 // The resourceRequirements of an init container are taken into account during scheduling 2926 // by finding the highest request/limit for each resource type, and then using the max of 2927 // of that value or the sum of the normal containers. Limits are applied to init containers 2928 // in a similar fashion. 2929 // Init containers cannot currently be added or removed. 2930 // Cannot be updated. 2931 // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ 2932 // +patchMergeKey=name 2933 // +patchStrategy=merge 2934 repeated Container initContainers = 20; 2935 2936 // List of containers belonging to the pod. 2937 // Containers cannot currently be added or removed. 2938 // There must be at least one container in a Pod. 2939 // Cannot be updated. 2940 // +patchMergeKey=name 2941 // +patchStrategy=merge 2942 repeated Container containers = 2; 2943 2944 // Restart policy for all containers within the pod. 2945 // One of Always, OnFailure, Never. 2946 // Default to Always. 2947 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 2948 // +optional 2949 optional string restartPolicy = 3; 2950 2951 // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. 2952 // Value must be non-negative integer. The value zero indicates delete immediately. 2953 // If this value is nil, the default grace period will be used instead. 2954 // The grace period is the duration in seconds after the processes running in the pod are sent 2955 // a termination signal and the time when the processes are forcibly halted with a kill signal. 2956 // Set this value longer than the expected cleanup time for your process. 2957 // Defaults to 30 seconds. 2958 // +optional 2959 optional int64 terminationGracePeriodSeconds = 4; 2960 2961 // Optional duration in seconds the pod may be active on the node relative to 2962 // StartTime before the system will actively try to mark it failed and kill associated containers. 2963 // Value must be a positive integer. 2964 // +optional 2965 optional int64 activeDeadlineSeconds = 5; 2966 2967 // Set DNS policy for the pod. 2968 // Defaults to "ClusterFirst". 2969 // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. 2970 // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. 2971 // To have DNS options set along with hostNetwork, you have to specify DNS policy 2972 // explicitly to 'ClusterFirstWithHostNet'. 2973 // +optional 2974 optional string dnsPolicy = 6; 2975 2976 // NodeSelector is a selector which must be true for the pod to fit on a node. 2977 // Selector which must match a node's labels for the pod to be scheduled on that node. 2978 // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ 2979 // +optional 2980 map<string, string> nodeSelector = 7; 2981 2982 // ServiceAccountName is the name of the ServiceAccount to use to run this pod. 2983 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 2984 // +optional 2985 optional string serviceAccountName = 8; 2986 2987 // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. 2988 // Deprecated: Use serviceAccountName instead. 2989 // +k8s:conversion-gen=false 2990 // +optional 2991 optional string serviceAccount = 9; 2992 2993 // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 2994 // +optional 2995 optional bool automountServiceAccountToken = 21; 2996 2997 // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, 2998 // the scheduler simply schedules this pod onto that node, assuming that it fits resource 2999 // requirements. 3000 // +optional 3001 optional string nodeName = 10; 3002 3003 // Host networking requested for this pod. Use the host's network namespace. 3004 // If this option is set, the ports that will be used must be specified. 3005 // Default to false. 3006 // +k8s:conversion-gen=false 3007 // +optional 3008 optional bool hostNetwork = 11; 3009 3010 // Use the host's pid namespace. 3011 // Optional: Default to false. 3012 // +k8s:conversion-gen=false 3013 // +optional 3014 optional bool hostPID = 12; 3015 3016 // Use the host's ipc namespace. 3017 // Optional: Default to false. 3018 // +k8s:conversion-gen=false 3019 // +optional 3020 optional bool hostIPC = 13; 3021 3022 // Share a single process namespace between all of the containers in a pod. 3023 // When this is set containers will be able to view and signal processes from other containers 3024 // in the same pod, and the first process in each container will not be assigned PID 1. 3025 // HostPID and ShareProcessNamespace cannot both be set. 3026 // Optional: Default to false. 3027 // This field is alpha-level and is honored only by servers that enable the PodShareProcessNamespace feature. 3028 // +k8s:conversion-gen=false 3029 // +optional 3030 optional bool shareProcessNamespace = 27; 3031 3032 // SecurityContext holds pod-level security attributes and common container settings. 3033 // Optional: Defaults to empty. See type description for default values of each field. 3034 // +optional 3035 optional PodSecurityContext securityContext = 14; 3036 3037 // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. 3038 // If specified, these secrets will be passed to individual puller implementations for them to use. For example, 3039 // in the case of docker, only DockerConfig type secrets are honored. 3040 // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod 3041 // +optional 3042 // +patchMergeKey=name 3043 // +patchStrategy=merge 3044 repeated LocalObjectReference imagePullSecrets = 15; 3045 3046 // Specifies the hostname of the Pod 3047 // If not specified, the pod's hostname will be set to a system-defined value. 3048 // +optional 3049 optional string hostname = 16; 3050 3051 // If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". 3052 // If not specified, the pod will not have a domainname at all. 3053 // +optional 3054 optional string subdomain = 17; 3055 3056 // If specified, the pod's scheduling constraints 3057 // +optional 3058 optional Affinity affinity = 18; 3059 3060 // If specified, the pod will be dispatched by specified scheduler. 3061 // If not specified, the pod will be dispatched by default scheduler. 3062 // +optional 3063 optional string schedulerName = 19; 3064 3065 // If specified, the pod's tolerations. 3066 // +optional 3067 repeated Toleration tolerations = 22; 3068 3069 // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts 3070 // file if specified. This is only valid for non-hostNetwork pods. 3071 // +optional 3072 // +patchMergeKey=ip 3073 // +patchStrategy=merge 3074 repeated HostAlias hostAliases = 23; 3075 3076 // If specified, indicates the pod's priority. "system-node-critical" and 3077 // "system-cluster-critical" are two special keywords which indicate the 3078 // highest priorities with the former being the highest priority. Any other 3079 // name must be defined by creating a PriorityClass object with that name. 3080 // If not specified, the pod priority will be default or zero if there is no 3081 // default. 3082 // +optional 3083 optional string priorityClassName = 24; 3084 3085 // The priority value. Various system components use this field to find the 3086 // priority of the pod. When Priority Admission Controller is enabled, it 3087 // prevents users from setting this field. The admission controller populates 3088 // this field from PriorityClassName. 3089 // The higher the value, the higher the priority. 3090 // +optional 3091 optional int32 priority = 25; 3092 3093 // Specifies the DNS parameters of a pod. 3094 // Parameters specified here will be merged to the generated DNS 3095 // configuration based on DNSPolicy. 3096 // +optional 3097 optional PodDNSConfig dnsConfig = 26; 3098 3099 // If specified, all readiness gates will be evaluated for pod readiness. 3100 // A pod is ready when all its containers are ready AND 3101 // all conditions specified in the readiness gates have status equal to "True" 3102 // More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md 3103 // +optional 3104 repeated PodReadinessGate readinessGates = 28; 3105} 3106 3107// PodStatus represents information about the status of a pod. Status may trail the actual 3108// state of a system, especially if the node that hosts the pod cannot contact the control 3109// plane. 3110message PodStatus { 3111 // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. 3112 // The conditions array, the reason and message fields, and the individual container status 3113 // arrays contain more detail about the pod's status. 3114 // There are five possible phase values: 3115 // 3116 // Pending: The pod has been accepted by the Kubernetes system, but one or more of the 3117 // container images has not been created. This includes time before being scheduled as 3118 // well as time spent downloading images over the network, which could take a while. 3119 // Running: The pod has been bound to a node, and all of the containers have been created. 3120 // At least one container is still running, or is in the process of starting or restarting. 3121 // Succeeded: All containers in the pod have terminated in success, and will not be restarted. 3122 // Failed: All containers in the pod have terminated, and at least one container has 3123 // terminated in failure. The container either exited with non-zero status or was terminated 3124 // by the system. 3125 // Unknown: For some reason the state of the pod could not be obtained, typically due to an 3126 // error in communicating with the host of the pod. 3127 // 3128 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase 3129 // +optional 3130 optional string phase = 1; 3131 3132 // Current service state of pod. 3133 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions 3134 // +optional 3135 // +patchMergeKey=type 3136 // +patchStrategy=merge 3137 repeated PodCondition conditions = 2; 3138 3139 // A human readable message indicating details about why the pod is in this condition. 3140 // +optional 3141 optional string message = 3; 3142 3143 // A brief CamelCase message indicating details about why the pod is in this state. 3144 // e.g. 'Evicted' 3145 // +optional 3146 optional string reason = 4; 3147 3148 // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be 3149 // scheduled right away as preemption victims receive their graceful termination periods. 3150 // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide 3151 // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to 3152 // give the resources on this node to a higher priority pod that is created after preemption. 3153 // As a result, this field may be different than PodSpec.nodeName when the pod is 3154 // scheduled. 3155 // +optional 3156 optional string nominatedNodeName = 11; 3157 3158 // IP address of the host to which the pod is assigned. Empty if not yet scheduled. 3159 // +optional 3160 optional string hostIP = 5; 3161 3162 // IP address allocated to the pod. Routable at least within the cluster. 3163 // Empty if not yet allocated. 3164 // +optional 3165 optional string podIP = 6; 3166 3167 // RFC 3339 date and time at which the object was acknowledged by the Kubelet. 3168 // This is before the Kubelet pulled the container image(s) for the pod. 3169 // +optional 3170 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startTime = 7; 3171 3172 // The list has one entry per init container in the manifest. The most recent successful 3173 // init container will have ready = true, the most recently started container will have 3174 // startTime set. 3175 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status 3176 repeated ContainerStatus initContainerStatuses = 10; 3177 3178 // The list has one entry per container in the manifest. Each entry is currently the output 3179 // of `docker inspect`. 3180 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status 3181 // +optional 3182 repeated ContainerStatus containerStatuses = 8; 3183 3184 // The Quality of Service (QOS) classification assigned to the pod based on resource requirements 3185 // See PodQOSClass type for available QOS classes 3186 // More info: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md 3187 // +optional 3188 optional string qosClass = 9; 3189} 3190 3191// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded 3192message PodStatusResult { 3193 // Standard object's metadata. 3194 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3195 // +optional 3196 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3197 3198 // Most recently observed status of the pod. 3199 // This data may not be up to date. 3200 // Populated by the system. 3201 // Read-only. 3202 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 3203 // +optional 3204 optional PodStatus status = 2; 3205} 3206 3207// PodTemplate describes a template for creating copies of a predefined pod. 3208message PodTemplate { 3209 // Standard object's metadata. 3210 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3211 // +optional 3212 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3213 3214 // Template defines the pods that will be created from this pod template. 3215 // https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 3216 // +optional 3217 optional PodTemplateSpec template = 2; 3218} 3219 3220// PodTemplateList is a list of PodTemplates. 3221message PodTemplateList { 3222 // Standard list metadata. 3223 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 3224 // +optional 3225 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 3226 3227 // List of pod templates 3228 repeated PodTemplate items = 2; 3229} 3230 3231// PodTemplateSpec describes the data a pod should have when created from a template 3232message PodTemplateSpec { 3233 // Standard object's metadata. 3234 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3235 // +optional 3236 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3237 3238 // Specification of the desired behavior of the pod. 3239 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 3240 // +optional 3241 optional PodSpec spec = 2; 3242} 3243 3244// PortworxVolumeSource represents a Portworx volume resource. 3245message PortworxVolumeSource { 3246 // VolumeID uniquely identifies a Portworx volume 3247 optional string volumeID = 1; 3248 3249 // FSType represents the filesystem type to mount 3250 // Must be a filesystem type supported by the host operating system. 3251 // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 3252 optional string fsType = 2; 3253 3254 // Defaults to false (read/write). ReadOnly here will force 3255 // the ReadOnly setting in VolumeMounts. 3256 // +optional 3257 optional bool readOnly = 3; 3258} 3259 3260// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. 3261// +k8s:openapi-gen=false 3262message Preconditions { 3263 // Specifies the target UID. 3264 // +optional 3265 optional string uid = 1; 3266} 3267 3268// Describes a class of pods that should avoid this node. 3269message PreferAvoidPodsEntry { 3270 // The class of pods. 3271 optional PodSignature podSignature = 1; 3272 3273 // Time at which this entry was added to the list. 3274 // +optional 3275 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time evictionTime = 2; 3276 3277 // (brief) reason why this entry was added to the list. 3278 // +optional 3279 optional string reason = 3; 3280 3281 // Human readable message indicating why this entry was added to the list. 3282 // +optional 3283 optional string message = 4; 3284} 3285 3286// An empty preferred scheduling term matches all objects with implicit weight 0 3287// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 3288message PreferredSchedulingTerm { 3289 // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 3290 optional int32 weight = 1; 3291 3292 // A node selector term, associated with the corresponding weight. 3293 optional NodeSelectorTerm preference = 2; 3294} 3295 3296// Probe describes a health check to be performed against a container to determine whether it is 3297// alive or ready to receive traffic. 3298message Probe { 3299 // The action taken to determine the health of a container 3300 optional Handler handler = 1; 3301 3302 // Number of seconds after the container has started before liveness probes are initiated. 3303 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3304 // +optional 3305 optional int32 initialDelaySeconds = 2; 3306 3307 // Number of seconds after which the probe times out. 3308 // Defaults to 1 second. Minimum value is 1. 3309 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3310 // +optional 3311 optional int32 timeoutSeconds = 3; 3312 3313 // How often (in seconds) to perform the probe. 3314 // Default to 10 seconds. Minimum value is 1. 3315 // +optional 3316 optional int32 periodSeconds = 4; 3317 3318 // Minimum consecutive successes for the probe to be considered successful after having failed. 3319 // Defaults to 1. Must be 1 for liveness. Minimum value is 1. 3320 // +optional 3321 optional int32 successThreshold = 5; 3322 3323 // Minimum consecutive failures for the probe to be considered failed after having succeeded. 3324 // Defaults to 3. Minimum value is 1. 3325 // +optional 3326 optional int32 failureThreshold = 6; 3327} 3328 3329// Represents a projected volume source 3330message ProjectedVolumeSource { 3331 // list of volume projections 3332 repeated VolumeProjection sources = 1; 3333 3334 // Mode bits to use on created files by default. Must be a value between 3335 // 0 and 0777. 3336 // Directories within the path are not affected by this setting. 3337 // This might be in conflict with other options that affect the file 3338 // mode, like fsGroup, and the result can be other mode bits set. 3339 // +optional 3340 optional int32 defaultMode = 2; 3341} 3342 3343// Represents a Quobyte mount that lasts the lifetime of a pod. 3344// Quobyte volumes do not support ownership management or SELinux relabeling. 3345message QuobyteVolumeSource { 3346 // Registry represents a single or multiple Quobyte Registry services 3347 // specified as a string as host:port pair (multiple entries are separated with commas) 3348 // which acts as the central registry for volumes 3349 optional string registry = 1; 3350 3351 // Volume is a string that references an already created Quobyte volume by name. 3352 optional string volume = 2; 3353 3354 // ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. 3355 // Defaults to false. 3356 // +optional 3357 optional bool readOnly = 3; 3358 3359 // User to map volume access to 3360 // Defaults to serivceaccount user 3361 // +optional 3362 optional string user = 4; 3363 3364 // Group to map volume access to 3365 // Default is no group 3366 // +optional 3367 optional string group = 5; 3368} 3369 3370// Represents a Rados Block Device mount that lasts the lifetime of a pod. 3371// RBD volumes support ownership management and SELinux relabeling. 3372message RBDPersistentVolumeSource { 3373 // A collection of Ceph monitors. 3374 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3375 repeated string monitors = 1; 3376 3377 // The rados image name. 3378 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3379 optional string image = 2; 3380 3381 // Filesystem type of the volume that you want to mount. 3382 // Tip: Ensure that the filesystem type is supported by the host operating system. 3383 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3384 // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 3385 // TODO: how do we prevent errors in the filesystem from compromising the machine 3386 // +optional 3387 optional string fsType = 3; 3388 3389 // The rados pool name. 3390 // Default is rbd. 3391 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3392 // +optional 3393 optional string pool = 4; 3394 3395 // The rados user name. 3396 // Default is admin. 3397 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3398 // +optional 3399 optional string user = 5; 3400 3401 // Keyring is the path to key ring for RBDUser. 3402 // Default is /etc/ceph/keyring. 3403 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3404 // +optional 3405 optional string keyring = 6; 3406 3407 // SecretRef is name of the authentication secret for RBDUser. If provided 3408 // overrides keyring. 3409 // Default is nil. 3410 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3411 // +optional 3412 optional SecretReference secretRef = 7; 3413 3414 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 3415 // Defaults to false. 3416 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3417 // +optional 3418 optional bool readOnly = 8; 3419} 3420 3421// Represents a Rados Block Device mount that lasts the lifetime of a pod. 3422// RBD volumes support ownership management and SELinux relabeling. 3423message RBDVolumeSource { 3424 // A collection of Ceph monitors. 3425 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3426 repeated string monitors = 1; 3427 3428 // The rados image name. 3429 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3430 optional string image = 2; 3431 3432 // Filesystem type of the volume that you want to mount. 3433 // Tip: Ensure that the filesystem type is supported by the host operating system. 3434 // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3435 // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 3436 // TODO: how do we prevent errors in the filesystem from compromising the machine 3437 // +optional 3438 optional string fsType = 3; 3439 3440 // The rados pool name. 3441 // Default is rbd. 3442 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3443 // +optional 3444 optional string pool = 4; 3445 3446 // The rados user name. 3447 // Default is admin. 3448 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3449 // +optional 3450 optional string user = 5; 3451 3452 // Keyring is the path to key ring for RBDUser. 3453 // Default is /etc/ceph/keyring. 3454 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3455 // +optional 3456 optional string keyring = 6; 3457 3458 // SecretRef is name of the authentication secret for RBDUser. If provided 3459 // overrides keyring. 3460 // Default is nil. 3461 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3462 // +optional 3463 optional LocalObjectReference secretRef = 7; 3464 3465 // ReadOnly here will force the ReadOnly setting in VolumeMounts. 3466 // Defaults to false. 3467 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it 3468 // +optional 3469 optional bool readOnly = 8; 3470} 3471 3472// RangeAllocation is not a public type. 3473message RangeAllocation { 3474 // Standard object's metadata. 3475 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3476 // +optional 3477 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3478 3479 // Range is string that identifies the range represented by 'data'. 3480 optional string range = 2; 3481 3482 // Data is a bit array containing all allocated addresses in the previous segment. 3483 optional bytes data = 3; 3484} 3485 3486// ReplicationController represents the configuration of a replication controller. 3487message ReplicationController { 3488 // If the Labels of a ReplicationController are empty, they are defaulted to 3489 // be the same as the Pod(s) that the replication controller manages. 3490 // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3491 // +optional 3492 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3493 3494 // Spec defines the specification of the desired behavior of the replication controller. 3495 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 3496 // +optional 3497 optional ReplicationControllerSpec spec = 2; 3498 3499 // Status is the most recently observed status of the replication controller. 3500 // This data may be out of date by some window of time. 3501 // Populated by the system. 3502 // Read-only. 3503 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 3504 // +optional 3505 optional ReplicationControllerStatus status = 3; 3506} 3507 3508// ReplicationControllerCondition describes the state of a replication controller at a certain point. 3509message ReplicationControllerCondition { 3510 // Type of replication controller condition. 3511 optional string type = 1; 3512 3513 // Status of the condition, one of True, False, Unknown. 3514 optional string status = 2; 3515 3516 // The last time the condition transitioned from one status to another. 3517 // +optional 3518 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; 3519 3520 // The reason for the condition's last transition. 3521 // +optional 3522 optional string reason = 4; 3523 3524 // A human readable message indicating details about the transition. 3525 // +optional 3526 optional string message = 5; 3527} 3528 3529// ReplicationControllerList is a collection of replication controllers. 3530message ReplicationControllerList { 3531 // Standard list metadata. 3532 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 3533 // +optional 3534 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 3535 3536 // List of replication controllers. 3537 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller 3538 repeated ReplicationController items = 2; 3539} 3540 3541// ReplicationControllerSpec is the specification of a replication controller. 3542message ReplicationControllerSpec { 3543 // Replicas is the number of desired replicas. 3544 // This is a pointer to distinguish between explicit zero and unspecified. 3545 // Defaults to 1. 3546 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller 3547 // +optional 3548 optional int32 replicas = 1; 3549 3550 // Minimum number of seconds for which a newly created pod should be ready 3551 // without any of its container crashing, for it to be considered available. 3552 // Defaults to 0 (pod will be considered available as soon as it is ready) 3553 // +optional 3554 optional int32 minReadySeconds = 4; 3555 3556 // Selector is a label query over pods that should match the Replicas count. 3557 // If Selector is empty, it is defaulted to the labels present on the Pod template. 3558 // Label keys and values that must match in order to be controlled by this replication 3559 // controller, if empty defaulted to labels on Pod template. 3560 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors 3561 // +optional 3562 map<string, string> selector = 2; 3563 3564 // Template is the object that describes the pod that will be created if 3565 // insufficient replicas are detected. This takes precedence over a TemplateRef. 3566 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template 3567 // +optional 3568 optional PodTemplateSpec template = 3; 3569} 3570 3571// ReplicationControllerStatus represents the current status of a replication 3572// controller. 3573message ReplicationControllerStatus { 3574 // Replicas is the most recently oberved number of replicas. 3575 // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller 3576 optional int32 replicas = 1; 3577 3578 // The number of pods that have labels matching the labels of the pod template of the replication controller. 3579 // +optional 3580 optional int32 fullyLabeledReplicas = 2; 3581 3582 // The number of ready replicas for this replication controller. 3583 // +optional 3584 optional int32 readyReplicas = 4; 3585 3586 // The number of available replicas (ready for at least minReadySeconds) for this replication controller. 3587 // +optional 3588 optional int32 availableReplicas = 5; 3589 3590 // ObservedGeneration reflects the generation of the most recently observed replication controller. 3591 // +optional 3592 optional int64 observedGeneration = 3; 3593 3594 // Represents the latest available observations of a replication controller's current state. 3595 // +optional 3596 // +patchMergeKey=type 3597 // +patchStrategy=merge 3598 repeated ReplicationControllerCondition conditions = 6; 3599} 3600 3601// ResourceFieldSelector represents container resources (cpu, memory) and their output format 3602message ResourceFieldSelector { 3603 // Container name: required for volumes, optional for env vars 3604 // +optional 3605 optional string containerName = 1; 3606 3607 // Required: resource to select 3608 optional string resource = 2; 3609 3610 // Specifies the output format of the exposed resources, defaults to "1" 3611 // +optional 3612 optional k8s.io.apimachinery.pkg.api.resource.Quantity divisor = 3; 3613} 3614 3615// ResourceQuota sets aggregate quota restrictions enforced per namespace 3616message ResourceQuota { 3617 // Standard object's metadata. 3618 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3619 // +optional 3620 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3621 3622 // Spec defines the desired quota. 3623 // https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 3624 // +optional 3625 optional ResourceQuotaSpec spec = 2; 3626 3627 // Status defines the actual enforced quota and its current usage. 3628 // https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 3629 // +optional 3630 optional ResourceQuotaStatus status = 3; 3631} 3632 3633// ResourceQuotaList is a list of ResourceQuota items. 3634message ResourceQuotaList { 3635 // Standard list metadata. 3636 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 3637 // +optional 3638 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 3639 3640 // Items is a list of ResourceQuota objects. 3641 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ 3642 repeated ResourceQuota items = 2; 3643} 3644 3645// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. 3646message ResourceQuotaSpec { 3647 // hard is the set of desired hard limits for each named resource. 3648 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ 3649 // +optional 3650 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> hard = 1; 3651 3652 // A collection of filters that must match each object tracked by a quota. 3653 // If not specified, the quota matches all objects. 3654 // +optional 3655 repeated string scopes = 2; 3656 3657 // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota 3658 // but expressed using ScopeSelectorOperator in combination with possible values. 3659 // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. 3660 // +optional 3661 optional ScopeSelector scopeSelector = 3; 3662} 3663 3664// ResourceQuotaStatus defines the enforced hard limits and observed use. 3665message ResourceQuotaStatus { 3666 // Hard is the set of enforced hard limits for each named resource. 3667 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ 3668 // +optional 3669 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> hard = 1; 3670 3671 // Used is the current observed total usage of the resource in the namespace. 3672 // +optional 3673 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> used = 2; 3674} 3675 3676// ResourceRequirements describes the compute resource requirements. 3677message ResourceRequirements { 3678 // Limits describes the maximum amount of compute resources allowed. 3679 // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ 3680 // +optional 3681 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> limits = 1; 3682 3683 // Requests describes the minimum amount of compute resources required. 3684 // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 3685 // otherwise to an implementation-defined value. 3686 // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ 3687 // +optional 3688 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> requests = 2; 3689} 3690 3691// SELinuxOptions are the labels to be applied to the container 3692message SELinuxOptions { 3693 // User is a SELinux user label that applies to the container. 3694 // +optional 3695 optional string user = 1; 3696 3697 // Role is a SELinux role label that applies to the container. 3698 // +optional 3699 optional string role = 2; 3700 3701 // Type is a SELinux type label that applies to the container. 3702 // +optional 3703 optional string type = 3; 3704 3705 // Level is SELinux level label that applies to the container. 3706 // +optional 3707 optional string level = 4; 3708} 3709 3710// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume 3711message ScaleIOPersistentVolumeSource { 3712 // The host address of the ScaleIO API Gateway. 3713 optional string gateway = 1; 3714 3715 // The name of the storage system as configured in ScaleIO. 3716 optional string system = 2; 3717 3718 // SecretRef references to the secret for ScaleIO user and other 3719 // sensitive information. If this is not provided, Login operation will fail. 3720 optional SecretReference secretRef = 3; 3721 3722 // Flag to enable/disable SSL communication with Gateway, default false 3723 // +optional 3724 optional bool sslEnabled = 4; 3725 3726 // The name of the ScaleIO Protection Domain for the configured storage. 3727 // +optional 3728 optional string protectionDomain = 5; 3729 3730 // The ScaleIO Storage Pool associated with the protection domain. 3731 // +optional 3732 optional string storagePool = 6; 3733 3734 // Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. 3735 // +optional 3736 optional string storageMode = 7; 3737 3738 // The name of a volume already created in the ScaleIO system 3739 // that is associated with this volume source. 3740 optional string volumeName = 8; 3741 3742 // Filesystem type to mount. 3743 // Must be a filesystem type supported by the host operating system. 3744 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3745 // +optional 3746 optional string fsType = 9; 3747 3748 // Defaults to false (read/write). ReadOnly here will force 3749 // the ReadOnly setting in VolumeMounts. 3750 // +optional 3751 optional bool readOnly = 10; 3752} 3753 3754// ScaleIOVolumeSource represents a persistent ScaleIO volume 3755message ScaleIOVolumeSource { 3756 // The host address of the ScaleIO API Gateway. 3757 optional string gateway = 1; 3758 3759 // The name of the storage system as configured in ScaleIO. 3760 optional string system = 2; 3761 3762 // SecretRef references to the secret for ScaleIO user and other 3763 // sensitive information. If this is not provided, Login operation will fail. 3764 optional LocalObjectReference secretRef = 3; 3765 3766 // Flag to enable/disable SSL communication with Gateway, default false 3767 // +optional 3768 optional bool sslEnabled = 4; 3769 3770 // The name of the ScaleIO Protection Domain for the configured storage. 3771 // +optional 3772 optional string protectionDomain = 5; 3773 3774 // The ScaleIO Storage Pool associated with the protection domain. 3775 // +optional 3776 optional string storagePool = 6; 3777 3778 // Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. 3779 // +optional 3780 optional string storageMode = 7; 3781 3782 // The name of a volume already created in the ScaleIO system 3783 // that is associated with this volume source. 3784 optional string volumeName = 8; 3785 3786 // Filesystem type to mount. 3787 // Must be a filesystem type supported by the host operating system. 3788 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3789 // +optional 3790 optional string fsType = 9; 3791 3792 // Defaults to false (read/write). ReadOnly here will force 3793 // the ReadOnly setting in VolumeMounts. 3794 // +optional 3795 optional bool readOnly = 10; 3796} 3797 3798// A scope selector represents the AND of the selectors represented 3799// by the scoped-resource selector requirements. 3800message ScopeSelector { 3801 // A list of scope selector requirements by scope of the resources. 3802 // +optional 3803 repeated ScopedResourceSelectorRequirement matchExpressions = 1; 3804} 3805 3806// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator 3807// that relates the scope name and values. 3808message ScopedResourceSelectorRequirement { 3809 // The name of the scope that the selector applies to. 3810 optional string scopeName = 1; 3811 3812 // Represents a scope's relationship to a set of values. 3813 // Valid operators are In, NotIn, Exists, DoesNotExist. 3814 optional string operator = 2; 3815 3816 // An array of string values. If the operator is In or NotIn, 3817 // the values array must be non-empty. If the operator is Exists or DoesNotExist, 3818 // the values array must be empty. 3819 // This array is replaced during a strategic merge patch. 3820 // +optional 3821 repeated string values = 3; 3822} 3823 3824// Secret holds secret data of a certain type. The total bytes of the values in 3825// the Data field must be less than MaxSecretSize bytes. 3826message Secret { 3827 // Standard object's metadata. 3828 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3829 // +optional 3830 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 3831 3832 // Data contains the secret data. Each key must consist of alphanumeric 3833 // characters, '-', '_' or '.'. The serialized form of the secret data is a 3834 // base64 encoded string, representing the arbitrary (possibly non-string) 3835 // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 3836 // +optional 3837 map<string, bytes> data = 2; 3838 3839 // stringData allows specifying non-binary secret data in string form. 3840 // It is provided as a write-only convenience method. 3841 // All keys and values are merged into the data field on write, overwriting any existing values. 3842 // It is never output when reading from the API. 3843 // +k8s:conversion-gen=false 3844 // +optional 3845 map<string, string> stringData = 4; 3846 3847 // Used to facilitate programmatic handling of secret data. 3848 // +optional 3849 optional string type = 3; 3850} 3851 3852// SecretEnvSource selects a Secret to populate the environment 3853// variables with. 3854// 3855// The contents of the target Secret's Data field will represent the 3856// key-value pairs as environment variables. 3857message SecretEnvSource { 3858 // The Secret to select from. 3859 optional LocalObjectReference localObjectReference = 1; 3860 3861 // Specify whether the Secret must be defined 3862 // +optional 3863 optional bool optional = 2; 3864} 3865 3866// SecretKeySelector selects a key of a Secret. 3867message SecretKeySelector { 3868 // The name of the secret in the pod's namespace to select from. 3869 optional LocalObjectReference localObjectReference = 1; 3870 3871 // The key of the secret to select from. Must be a valid secret key. 3872 optional string key = 2; 3873 3874 // Specify whether the Secret or it's key must be defined 3875 // +optional 3876 optional bool optional = 3; 3877} 3878 3879// SecretList is a list of Secret. 3880message SecretList { 3881 // Standard list metadata. 3882 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 3883 // +optional 3884 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 3885 3886 // Items is a list of secret objects. 3887 // More info: https://kubernetes.io/docs/concepts/configuration/secret 3888 repeated Secret items = 2; 3889} 3890 3891// Adapts a secret into a projected volume. 3892// 3893// The contents of the target Secret's Data field will be presented in a 3894// projected volume as files using the keys in the Data field as the file names. 3895// Note that this is identical to a secret volume source without the default 3896// mode. 3897message SecretProjection { 3898 optional LocalObjectReference localObjectReference = 1; 3899 3900 // If unspecified, each key-value pair in the Data field of the referenced 3901 // Secret will be projected into the volume as a file whose name is the 3902 // key and content is the value. If specified, the listed keys will be 3903 // projected into the specified paths, and unlisted keys will not be 3904 // present. If a key is specified which is not present in the Secret, 3905 // the volume setup will error unless it is marked optional. Paths must be 3906 // relative and may not contain the '..' path or start with '..'. 3907 // +optional 3908 repeated KeyToPath items = 2; 3909 3910 // Specify whether the Secret or its key must be defined 3911 // +optional 3912 optional bool optional = 4; 3913} 3914 3915// SecretReference represents a Secret Reference. It has enough information to retrieve secret 3916// in any namespace 3917message SecretReference { 3918 // Name is unique within a namespace to reference a secret resource. 3919 // +optional 3920 optional string name = 1; 3921 3922 // Namespace defines the space within which the secret name must be unique. 3923 // +optional 3924 optional string namespace = 2; 3925} 3926 3927// Adapts a Secret into a volume. 3928// 3929// The contents of the target Secret's Data field will be presented in a volume 3930// as files using the keys in the Data field as the file names. 3931// Secret volumes support ownership management and SELinux relabeling. 3932message SecretVolumeSource { 3933 // Name of the secret in the pod's namespace to use. 3934 // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 3935 // +optional 3936 optional string secretName = 1; 3937 3938 // If unspecified, each key-value pair in the Data field of the referenced 3939 // Secret will be projected into the volume as a file whose name is the 3940 // key and content is the value. If specified, the listed keys will be 3941 // projected into the specified paths, and unlisted keys will not be 3942 // present. If a key is specified which is not present in the Secret, 3943 // the volume setup will error unless it is marked optional. Paths must be 3944 // relative and may not contain the '..' path or start with '..'. 3945 // +optional 3946 repeated KeyToPath items = 2; 3947 3948 // Optional: mode bits to use on created files by default. Must be a 3949 // value between 0 and 0777. Defaults to 0644. 3950 // Directories within the path are not affected by this setting. 3951 // This might be in conflict with other options that affect the file 3952 // mode, like fsGroup, and the result can be other mode bits set. 3953 // +optional 3954 optional int32 defaultMode = 3; 3955 3956 // Specify whether the Secret or it's keys must be defined 3957 // +optional 3958 optional bool optional = 4; 3959} 3960 3961// SecurityContext holds security configuration that will be applied to a container. 3962// Some fields are present in both SecurityContext and PodSecurityContext. When both 3963// are set, the values in SecurityContext take precedence. 3964message SecurityContext { 3965 // The capabilities to add/drop when running containers. 3966 // Defaults to the default set of capabilities granted by the container runtime. 3967 // +optional 3968 optional Capabilities capabilities = 1; 3969 3970 // Run container in privileged mode. 3971 // Processes in privileged containers are essentially equivalent to root on the host. 3972 // Defaults to false. 3973 // +optional 3974 optional bool privileged = 2; 3975 3976 // The SELinux context to be applied to the container. 3977 // If unspecified, the container runtime will allocate a random SELinux context for each 3978 // container. May also be set in PodSecurityContext. If set in both SecurityContext and 3979 // PodSecurityContext, the value specified in SecurityContext takes precedence. 3980 // +optional 3981 optional SELinuxOptions seLinuxOptions = 3; 3982 3983 // The UID to run the entrypoint of the container process. 3984 // Defaults to user specified in image metadata if unspecified. 3985 // May also be set in PodSecurityContext. If set in both SecurityContext and 3986 // PodSecurityContext, the value specified in SecurityContext takes precedence. 3987 // +optional 3988 optional int64 runAsUser = 4; 3989 3990 // The GID to run the entrypoint of the container process. 3991 // Uses runtime default if unset. 3992 // May also be set in PodSecurityContext. If set in both SecurityContext and 3993 // PodSecurityContext, the value specified in SecurityContext takes precedence. 3994 // +optional 3995 optional int64 runAsGroup = 8; 3996 3997 // Indicates that the container must run as a non-root user. 3998 // If true, the Kubelet will validate the image at runtime to ensure that it 3999 // does not run as UID 0 (root) and fail to start the container if it does. 4000 // If unset or false, no such validation will be performed. 4001 // May also be set in PodSecurityContext. If set in both SecurityContext and 4002 // PodSecurityContext, the value specified in SecurityContext takes precedence. 4003 // +optional 4004 optional bool runAsNonRoot = 5; 4005 4006 // Whether this container has a read-only root filesystem. 4007 // Default is false. 4008 // +optional 4009 optional bool readOnlyRootFilesystem = 6; 4010 4011 // AllowPrivilegeEscalation controls whether a process can gain more 4012 // privileges than its parent process. This bool directly controls if 4013 // the no_new_privs flag will be set on the container process. 4014 // AllowPrivilegeEscalation is true always when the container is: 4015 // 1) run as Privileged 4016 // 2) has CAP_SYS_ADMIN 4017 // +optional 4018 optional bool allowPrivilegeEscalation = 7; 4019} 4020 4021// SerializedReference is a reference to serialized object. 4022message SerializedReference { 4023 // The reference to an object in the system. 4024 // +optional 4025 optional ObjectReference reference = 1; 4026} 4027 4028// Service is a named abstraction of software service (for example, mysql) consisting of local port 4029// (for example 3306) that the proxy listens on, and the selector that determines which pods 4030// will answer requests sent through the proxy. 4031message Service { 4032 // Standard object's metadata. 4033 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 4034 // +optional 4035 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 4036 4037 // Spec defines the behavior of a service. 4038 // https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 4039 // +optional 4040 optional ServiceSpec spec = 2; 4041 4042 // Most recently observed status of the service. 4043 // Populated by the system. 4044 // Read-only. 4045 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status 4046 // +optional 4047 optional ServiceStatus status = 3; 4048} 4049 4050// ServiceAccount binds together: 4051// * a name, understood by users, and perhaps by peripheral systems, for an identity 4052// * a principal that can be authenticated and authorized 4053// * a set of secrets 4054message ServiceAccount { 4055 // Standard object's metadata. 4056 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 4057 // +optional 4058 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; 4059 4060 // Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. 4061 // More info: https://kubernetes.io/docs/concepts/configuration/secret 4062 // +optional 4063 // +patchMergeKey=name 4064 // +patchStrategy=merge 4065 repeated ObjectReference secrets = 2; 4066 4067 // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images 4068 // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets 4069 // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. 4070 // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod 4071 // +optional 4072 repeated LocalObjectReference imagePullSecrets = 3; 4073 4074 // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. 4075 // Can be overridden at the pod level. 4076 // +optional 4077 optional bool automountServiceAccountToken = 4; 4078} 4079 4080// ServiceAccountList is a list of ServiceAccount objects 4081message ServiceAccountList { 4082 // Standard list metadata. 4083 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 4084 // +optional 4085 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 4086 4087 // List of ServiceAccounts. 4088 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 4089 repeated ServiceAccount items = 2; 4090} 4091 4092// ServiceAccountTokenProjection represents a projected service account token 4093// volume. This projection can be used to insert a service account token into 4094// the pods runtime filesystem for use against APIs (Kubernetes API Server or 4095// otherwise). 4096message ServiceAccountTokenProjection { 4097 // Audience is the intended audience of the token. A recipient of a token 4098 // must identify itself with an identifier specified in the audience of the 4099 // token, and otherwise should reject the token. The audience defaults to the 4100 // identifier of the apiserver. 4101 // +optional 4102 optional string audience = 1; 4103 4104 // ExpirationSeconds is the requested duration of validity of the service 4105 // account token. As the token approaches expiration, the kubelet volume 4106 // plugin will proactively rotate the service account token. The kubelet will 4107 // start trying to rotate the token if the token is older than 80 percent of 4108 // its time to live or if the token is older than 24 hours.Defaults to 1 hour 4109 // and must be at least 10 minutes. 4110 // +optional 4111 optional int64 expirationSeconds = 2; 4112 4113 // Path is the path relative to the mount point of the file to project the 4114 // token into. 4115 optional string path = 3; 4116} 4117 4118// ServiceList holds a list of services. 4119message ServiceList { 4120 // Standard list metadata. 4121 // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds 4122 // +optional 4123 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; 4124 4125 // List of services 4126 repeated Service items = 2; 4127} 4128 4129// ServicePort contains information on service's port. 4130message ServicePort { 4131 // The name of this port within the service. This must be a DNS_LABEL. 4132 // All ports within a ServiceSpec must have unique names. This maps to 4133 // the 'Name' field in EndpointPort objects. 4134 // Optional if only one ServicePort is defined on this service. 4135 // +optional 4136 optional string name = 1; 4137 4138 // The IP protocol for this port. Supports "TCP" and "UDP". 4139 // Default is TCP. 4140 // +optional 4141 optional string protocol = 2; 4142 4143 // The port that will be exposed by this service. 4144 optional int32 port = 3; 4145 4146 // Number or name of the port to access on the pods targeted by the service. 4147 // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 4148 // If this is a string, it will be looked up as a named port in the 4149 // target Pod's container ports. If this is not specified, the value 4150 // of the 'port' field is used (an identity map). 4151 // This field is ignored for services with clusterIP=None, and should be 4152 // omitted or set equal to the 'port' field. 4153 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service 4154 // +optional 4155 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString targetPort = 4; 4156 4157 // The port on each node on which this service is exposed when type=NodePort or LoadBalancer. 4158 // Usually assigned by the system. If specified, it will be allocated to the service 4159 // if unused or else creation of the service will fail. 4160 // Default is to auto-allocate a port if the ServiceType of this Service requires one. 4161 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport 4162 // +optional 4163 optional int32 nodePort = 5; 4164} 4165 4166// ServiceProxyOptions is the query options to a Service's proxy call. 4167message ServiceProxyOptions { 4168 // Path is the part of URLs that include service endpoints, suffixes, 4169 // and parameters to use for the current proxy request to service. 4170 // For example, the whole request URL is 4171 // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. 4172 // Path is _search?q=user:kimchy. 4173 // +optional 4174 optional string path = 1; 4175} 4176 4177// ServiceSpec describes the attributes that a user creates on a service. 4178message ServiceSpec { 4179 // The list of ports that are exposed by this service. 4180 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies 4181 // +patchMergeKey=port 4182 // +patchStrategy=merge 4183 repeated ServicePort ports = 1; 4184 4185 // Route service traffic to pods with label keys and values matching this 4186 // selector. If empty or not present, the service is assumed to have an 4187 // external process managing its endpoints, which Kubernetes will not 4188 // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. 4189 // Ignored if type is ExternalName. 4190 // More info: https://kubernetes.io/docs/concepts/services-networking/service/ 4191 // +optional 4192 map<string, string> selector = 2; 4193 4194 // clusterIP is the IP address of the service and is usually assigned 4195 // randomly by the master. If an address is specified manually and is not in 4196 // use by others, it will be allocated to the service; otherwise, creation 4197 // of the service will fail. This field can not be changed through updates. 4198 // Valid values are "None", empty string (""), or a valid IP address. "None" 4199 // can be specified for headless services when proxying is not required. 4200 // Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if 4201 // type is ExternalName. 4202 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies 4203 // +optional 4204 optional string clusterIP = 3; 4205 4206 // type determines how the Service is exposed. Defaults to ClusterIP. Valid 4207 // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. 4208 // "ExternalName" maps to the specified externalName. 4209 // "ClusterIP" allocates a cluster-internal IP address for load-balancing to 4210 // endpoints. Endpoints are determined by the selector or if that is not 4211 // specified, by manual construction of an Endpoints object. If clusterIP is 4212 // "None", no virtual IP is allocated and the endpoints are published as a 4213 // set of endpoints rather than a stable IP. 4214 // "NodePort" builds on ClusterIP and allocates a port on every node which 4215 // routes to the clusterIP. 4216 // "LoadBalancer" builds on NodePort and creates an 4217 // external load-balancer (if supported in the current cloud) which routes 4218 // to the clusterIP. 4219 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types 4220 // +optional 4221 optional string type = 4; 4222 4223 // externalIPs is a list of IP addresses for which nodes in the cluster 4224 // will also accept traffic for this service. These IPs are not managed by 4225 // Kubernetes. The user is responsible for ensuring that traffic arrives 4226 // at a node with this IP. A common example is external load-balancers 4227 // that are not part of the Kubernetes system. 4228 // +optional 4229 repeated string externalIPs = 5; 4230 4231 // Supports "ClientIP" and "None". Used to maintain session affinity. 4232 // Enable client IP based session affinity. 4233 // Must be ClientIP or None. 4234 // Defaults to None. 4235 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies 4236 // +optional 4237 optional string sessionAffinity = 7; 4238 4239 // Only applies to Service Type: LoadBalancer 4240 // LoadBalancer will get created with the IP specified in this field. 4241 // This feature depends on whether the underlying cloud-provider supports specifying 4242 // the loadBalancerIP when a load balancer is created. 4243 // This field will be ignored if the cloud-provider does not support the feature. 4244 // +optional 4245 optional string loadBalancerIP = 8; 4246 4247 // If specified and supported by the platform, this will restrict traffic through the cloud-provider 4248 // load-balancer will be restricted to the specified client IPs. This field will be ignored if the 4249 // cloud-provider does not support the feature." 4250 // More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ 4251 // +optional 4252 repeated string loadBalancerSourceRanges = 9; 4253 4254 // externalName is the external reference that kubedns or equivalent will 4255 // return as a CNAME record for this service. No proxying will be involved. 4256 // Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) 4257 // and requires Type to be ExternalName. 4258 // +optional 4259 optional string externalName = 10; 4260 4261 // externalTrafficPolicy denotes if this Service desires to route external 4262 // traffic to node-local or cluster-wide endpoints. "Local" preserves the 4263 // client source IP and avoids a second hop for LoadBalancer and Nodeport 4264 // type services, but risks potentially imbalanced traffic spreading. 4265 // "Cluster" obscures the client source IP and may cause a second hop to 4266 // another node, but should have good overall load-spreading. 4267 // +optional 4268 optional string externalTrafficPolicy = 11; 4269 4270 // healthCheckNodePort specifies the healthcheck nodePort for the service. 4271 // If not specified, HealthCheckNodePort is created by the service api 4272 // backend with the allocated nodePort. Will use user-specified nodePort value 4273 // if specified by the client. Only effects when Type is set to LoadBalancer 4274 // and ExternalTrafficPolicy is set to Local. 4275 // +optional 4276 optional int32 healthCheckNodePort = 12; 4277 4278 // publishNotReadyAddresses, when set to true, indicates that DNS implementations 4279 // must publish the notReadyAddresses of subsets for the Endpoints associated with 4280 // the Service. The default value is false. 4281 // The primary use case for setting this field is to use a StatefulSet's Headless Service 4282 // to propagate SRV records for its Pods without respect to their readiness for purpose 4283 // of peer discovery. 4284 // +optional 4285 optional bool publishNotReadyAddresses = 13; 4286 4287 // sessionAffinityConfig contains the configurations of session affinity. 4288 // +optional 4289 optional SessionAffinityConfig sessionAffinityConfig = 14; 4290} 4291 4292// ServiceStatus represents the current status of a service. 4293message ServiceStatus { 4294 // LoadBalancer contains the current status of the load-balancer, 4295 // if one is present. 4296 // +optional 4297 optional LoadBalancerStatus loadBalancer = 1; 4298} 4299 4300// SessionAffinityConfig represents the configurations of session affinity. 4301message SessionAffinityConfig { 4302 // clientIP contains the configurations of Client IP based session affinity. 4303 // +optional 4304 optional ClientIPConfig clientIP = 1; 4305} 4306 4307// Represents a StorageOS persistent volume resource. 4308message StorageOSPersistentVolumeSource { 4309 // VolumeName is the human-readable name of the StorageOS volume. Volume 4310 // names are only unique within a namespace. 4311 optional string volumeName = 1; 4312 4313 // VolumeNamespace specifies the scope of the volume within StorageOS. If no 4314 // namespace is specified then the Pod's namespace will be used. This allows the 4315 // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 4316 // Set VolumeName to any name to override the default behaviour. 4317 // Set to "default" if you are not using namespaces within StorageOS. 4318 // Namespaces that do not pre-exist within StorageOS will be created. 4319 // +optional 4320 optional string volumeNamespace = 2; 4321 4322 // Filesystem type to mount. 4323 // Must be a filesystem type supported by the host operating system. 4324 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4325 // +optional 4326 optional string fsType = 3; 4327 4328 // Defaults to false (read/write). ReadOnly here will force 4329 // the ReadOnly setting in VolumeMounts. 4330 // +optional 4331 optional bool readOnly = 4; 4332 4333 // SecretRef specifies the secret to use for obtaining the StorageOS API 4334 // credentials. If not specified, default values will be attempted. 4335 // +optional 4336 optional ObjectReference secretRef = 5; 4337} 4338 4339// Represents a StorageOS persistent volume resource. 4340message StorageOSVolumeSource { 4341 // VolumeName is the human-readable name of the StorageOS volume. Volume 4342 // names are only unique within a namespace. 4343 optional string volumeName = 1; 4344 4345 // VolumeNamespace specifies the scope of the volume within StorageOS. If no 4346 // namespace is specified then the Pod's namespace will be used. This allows the 4347 // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 4348 // Set VolumeName to any name to override the default behaviour. 4349 // Set to "default" if you are not using namespaces within StorageOS. 4350 // Namespaces that do not pre-exist within StorageOS will be created. 4351 // +optional 4352 optional string volumeNamespace = 2; 4353 4354 // Filesystem type to mount. 4355 // Must be a filesystem type supported by the host operating system. 4356 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4357 // +optional 4358 optional string fsType = 3; 4359 4360 // Defaults to false (read/write). ReadOnly here will force 4361 // the ReadOnly setting in VolumeMounts. 4362 // +optional 4363 optional bool readOnly = 4; 4364 4365 // SecretRef specifies the secret to use for obtaining the StorageOS API 4366 // credentials. If not specified, default values will be attempted. 4367 // +optional 4368 optional LocalObjectReference secretRef = 5; 4369} 4370 4371// Sysctl defines a kernel parameter to be set 4372message Sysctl { 4373 // Name of a property to set 4374 optional string name = 1; 4375 4376 // Value of a property to set 4377 optional string value = 2; 4378} 4379 4380// TCPSocketAction describes an action based on opening a socket 4381message TCPSocketAction { 4382 // Number or name of the port to access on the container. 4383 // Number must be in the range 1 to 65535. 4384 // Name must be an IANA_SVC_NAME. 4385 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 1; 4386 4387 // Optional: Host name to connect to, defaults to the pod IP. 4388 // +optional 4389 optional string host = 2; 4390} 4391 4392// The node this Taint is attached to has the "effect" on 4393// any pod that does not tolerate the Taint. 4394message Taint { 4395 // Required. The taint key to be applied to a node. 4396 optional string key = 1; 4397 4398 // Required. The taint value corresponding to the taint key. 4399 // +optional 4400 optional string value = 2; 4401 4402 // Required. The effect of the taint on pods 4403 // that do not tolerate the taint. 4404 // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 4405 optional string effect = 3; 4406 4407 // TimeAdded represents the time at which the taint was added. 4408 // It is only written for NoExecute taints. 4409 // +optional 4410 optional k8s.io.apimachinery.pkg.apis.meta.v1.Time timeAdded = 4; 4411} 4412 4413// The pod this Toleration is attached to tolerates any taint that matches 4414// the triple <key,value,effect> using the matching operator <operator>. 4415message Toleration { 4416 // Key is the taint key that the toleration applies to. Empty means match all taint keys. 4417 // If the key is empty, operator must be Exists; this combination means to match all values and all keys. 4418 // +optional 4419 optional string key = 1; 4420 4421 // Operator represents a key's relationship to the value. 4422 // Valid operators are Exists and Equal. Defaults to Equal. 4423 // Exists is equivalent to wildcard for value, so that a pod can 4424 // tolerate all taints of a particular category. 4425 // +optional 4426 optional string operator = 2; 4427 4428 // Value is the taint value the toleration matches to. 4429 // If the operator is Exists, the value should be empty, otherwise just a regular string. 4430 // +optional 4431 optional string value = 3; 4432 4433 // Effect indicates the taint effect to match. Empty means match all taint effects. 4434 // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 4435 // +optional 4436 optional string effect = 4; 4437 4438 // TolerationSeconds represents the period of time the toleration (which must be 4439 // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 4440 // it is not set, which means tolerate the taint forever (do not evict). Zero and 4441 // negative values will be treated as 0 (evict immediately) by the system. 4442 // +optional 4443 optional int64 tolerationSeconds = 5; 4444} 4445 4446// A topology selector requirement is a selector that matches given label. 4447// This is an alpha feature and may change in the future. 4448message TopologySelectorLabelRequirement { 4449 // The label key that the selector applies to. 4450 optional string key = 1; 4451 4452 // An array of string values. One value must match the label to be selected. 4453 // Each entry in Values is ORed. 4454 repeated string values = 2; 4455} 4456 4457// A topology selector term represents the result of label queries. 4458// A null or empty topology selector term matches no objects. 4459// The requirements of them are ANDed. 4460// It provides a subset of functionality as NodeSelectorTerm. 4461// This is an alpha feature and may change in the future. 4462message TopologySelectorTerm { 4463 // A list of topology selector requirements by labels. 4464 // +optional 4465 repeated TopologySelectorLabelRequirement matchLabelExpressions = 1; 4466} 4467 4468// Volume represents a named volume in a pod that may be accessed by any container in the pod. 4469message Volume { 4470 // Volume's name. 4471 // Must be a DNS_LABEL and unique within the pod. 4472 // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4473 optional string name = 1; 4474 4475 // VolumeSource represents the location and type of the mounted volume. 4476 // If not specified, the Volume is implied to be an EmptyDir. 4477 // This implied behavior is deprecated and will be removed in a future version. 4478 optional VolumeSource volumeSource = 2; 4479} 4480 4481// volumeDevice describes a mapping of a raw block device within a container. 4482message VolumeDevice { 4483 // name must match the name of a persistentVolumeClaim in the pod 4484 optional string name = 1; 4485 4486 // devicePath is the path inside of the container that the device will be mapped to. 4487 optional string devicePath = 2; 4488} 4489 4490// VolumeMount describes a mounting of a Volume within a container. 4491message VolumeMount { 4492 // This must match the Name of a Volume. 4493 optional string name = 1; 4494 4495 // Mounted read-only if true, read-write otherwise (false or unspecified). 4496 // Defaults to false. 4497 // +optional 4498 optional bool readOnly = 2; 4499 4500 // Path within the container at which the volume should be mounted. Must 4501 // not contain ':'. 4502 optional string mountPath = 3; 4503 4504 // Path within the volume from which the container's volume should be mounted. 4505 // Defaults to "" (volume's root). 4506 // +optional 4507 optional string subPath = 4; 4508 4509 // mountPropagation determines how mounts are propagated from the host 4510 // to container and the other way around. 4511 // When not set, MountPropagationNone is used. 4512 // This field is beta in 1.10. 4513 // +optional 4514 optional string mountPropagation = 5; 4515} 4516 4517// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. 4518message VolumeNodeAffinity { 4519 // Required specifies hard node constraints that must be met. 4520 optional NodeSelector required = 1; 4521} 4522 4523// Projection that may be projected along with other supported volume types 4524message VolumeProjection { 4525 // information about the secret data to project 4526 // +optional 4527 optional SecretProjection secret = 1; 4528 4529 // information about the downwardAPI data to project 4530 // +optional 4531 optional DownwardAPIProjection downwardAPI = 2; 4532 4533 // information about the configMap data to project 4534 // +optional 4535 optional ConfigMapProjection configMap = 3; 4536 4537 // information about the serviceAccountToken data to project 4538 // +optional 4539 optional ServiceAccountTokenProjection serviceAccountToken = 4; 4540} 4541 4542// Represents the source of a volume to mount. 4543// Only one of its members may be specified. 4544message VolumeSource { 4545 // HostPath represents a pre-existing file or directory on the host 4546 // machine that is directly exposed to the container. This is generally 4547 // used for system agents or other privileged things that are allowed 4548 // to see the host machine. Most containers will NOT need this. 4549 // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 4550 // --- 4551 // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not 4552 // mount host directories as read/write. 4553 // +optional 4554 optional HostPathVolumeSource hostPath = 1; 4555 4556 // EmptyDir represents a temporary directory that shares a pod's lifetime. 4557 // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 4558 // +optional 4559 optional EmptyDirVolumeSource emptyDir = 2; 4560 4561 // GCEPersistentDisk represents a GCE Disk resource that is attached to a 4562 // kubelet's host machine and then exposed to the pod. 4563 // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 4564 // +optional 4565 optional GCEPersistentDiskVolumeSource gcePersistentDisk = 3; 4566 4567 // AWSElasticBlockStore represents an AWS Disk resource that is attached to a 4568 // kubelet's host machine and then exposed to the pod. 4569 // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 4570 // +optional 4571 optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 4; 4572 4573 // GitRepo represents a git repository at a particular revision. 4574 // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an 4575 // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir 4576 // into the Pod's container. 4577 // +optional 4578 optional GitRepoVolumeSource gitRepo = 5; 4579 4580 // Secret represents a secret that should populate this volume. 4581 // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 4582 // +optional 4583 optional SecretVolumeSource secret = 6; 4584 4585 // NFS represents an NFS mount on the host that shares a pod's lifetime 4586 // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 4587 // +optional 4588 optional NFSVolumeSource nfs = 7; 4589 4590 // ISCSI represents an ISCSI Disk resource that is attached to a 4591 // kubelet's host machine and then exposed to the pod. 4592 // More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md 4593 // +optional 4594 optional ISCSIVolumeSource iscsi = 8; 4595 4596 // Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. 4597 // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md 4598 // +optional 4599 optional GlusterfsVolumeSource glusterfs = 9; 4600 4601 // PersistentVolumeClaimVolumeSource represents a reference to a 4602 // PersistentVolumeClaim in the same namespace. 4603 // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 4604 // +optional 4605 optional PersistentVolumeClaimVolumeSource persistentVolumeClaim = 10; 4606 4607 // RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. 4608 // More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md 4609 // +optional 4610 optional RBDVolumeSource rbd = 11; 4611 4612 // FlexVolume represents a generic volume resource that is 4613 // provisioned/attached using an exec based plugin. 4614 // +optional 4615 optional FlexVolumeSource flexVolume = 12; 4616 4617 // Cinder represents a cinder volume attached and mounted on kubelets host machine 4618 // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md 4619 // +optional 4620 optional CinderVolumeSource cinder = 13; 4621 4622 // CephFS represents a Ceph FS mount on the host that shares a pod's lifetime 4623 // +optional 4624 optional CephFSVolumeSource cephfs = 14; 4625 4626 // Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running 4627 // +optional 4628 optional FlockerVolumeSource flocker = 15; 4629 4630 // DownwardAPI represents downward API about the pod that should populate this volume 4631 // +optional 4632 optional DownwardAPIVolumeSource downwardAPI = 16; 4633 4634 // FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 4635 // +optional 4636 optional FCVolumeSource fc = 17; 4637 4638 // AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 4639 // +optional 4640 optional AzureFileVolumeSource azureFile = 18; 4641 4642 // ConfigMap represents a configMap that should populate this volume 4643 // +optional 4644 optional ConfigMapVolumeSource configMap = 19; 4645 4646 // VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 4647 // +optional 4648 optional VsphereVirtualDiskVolumeSource vsphereVolume = 20; 4649 4650 // Quobyte represents a Quobyte mount on the host that shares a pod's lifetime 4651 // +optional 4652 optional QuobyteVolumeSource quobyte = 21; 4653 4654 // AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 4655 // +optional 4656 optional AzureDiskVolumeSource azureDisk = 22; 4657 4658 // PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine 4659 optional PhotonPersistentDiskVolumeSource photonPersistentDisk = 23; 4660 4661 // Items for all in one resources secrets, configmaps, and downward API 4662 optional ProjectedVolumeSource projected = 26; 4663 4664 // PortworxVolume represents a portworx volume attached and mounted on kubelets host machine 4665 // +optional 4666 optional PortworxVolumeSource portworxVolume = 24; 4667 4668 // ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 4669 // +optional 4670 optional ScaleIOVolumeSource scaleIO = 25; 4671 4672 // StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. 4673 // +optional 4674 optional StorageOSVolumeSource storageos = 27; 4675} 4676 4677// Represents a vSphere volume resource. 4678message VsphereVirtualDiskVolumeSource { 4679 // Path that identifies vSphere volume vmdk 4680 optional string volumePath = 1; 4681 4682 // Filesystem type to mount. 4683 // Must be a filesystem type supported by the host operating system. 4684 // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4685 // +optional 4686 optional string fsType = 2; 4687 4688 // Storage Policy Based Management (SPBM) profile name. 4689 // +optional 4690 optional string storagePolicyName = 3; 4691 4692 // Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 4693 // +optional 4694 optional string storagePolicyID = 4; 4695} 4696 4697// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 4698message WeightedPodAffinityTerm { 4699 // weight associated with matching the corresponding podAffinityTerm, 4700 // in the range 1-100. 4701 optional int32 weight = 1; 4702 4703 // Required. A pod affinity term, associated with the corresponding weight. 4704 optional PodAffinityTerm podAffinityTerm = 2; 4705} 4706 4707