--- apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: name: "hivemq-clusters.hivemq.com" spec: group: "hivemq.com" names: kind: "HiveMQCluster" plural: "hivemq-clusters" shortNames: - "hmqc" singular: "hivemq-cluster" scope: "Namespaced" versions: - additionalPrinterColumns: - description: "HiveMQ cluster size" jsonPath: ".spec.nodeCount" name: "size" type: "integer" - description: "Image" jsonPath: ".spec.image" name: "image" type: "string" - description: "Version/Tag" jsonPath: ".spec.hivemqVersion" name: "version" type: "string" - description: "Current Status" jsonPath: ".status.state" name: "status" type: "string" - description: "MQTT endpoint" jsonPath: ".status.portStatus[0].address" name: "endpoint" type: "string" - description: "Latest (detailed) status message" jsonPath: ".status.message" name: "message" type: "string" name: "v1" schema: openAPIV3Schema: description: "A HiveMQ cluster configuration" properties: spec: description: "A HiveMQ deployment's general parameters" properties: nodeCount: description: "Number of HiveMQ instances to spawn" minimum: 1.0 type: "integer" cpu: type: "string" memory: description: "Memory to request in total for a single node" type: "string" ephemeralStorage: description: "Total storage amount for a single node" type: "string" cpuLimitRatio: description: "Ratio for the CPU upper limit (>=1)" type: "number" memoryLimitRatio: description: "Ratio for the memory upper limit (>=1)" type: "number" ephemeralStorageLimitRatio: description: "Ratio for the ephemeral storage upper limit (>=1)" type: "number" image: description: "Image to use for the broker. Note that you must specify\ \ the tag to the image separately in the hivemqVersion field." type: "string" imagePullPolicy: description: "When to pull the image" type: "string" imagePullSecrets: description: "Image pull secrets to be used in the deployment to pull\ \ the HiveMQ container" items: type: "string" type: "array" operatorHints: description: "Hints that the operator will use to parameterize its\ \ internal business logic." properties: statefulSet: description: "Properties that are only relevant when deploying\ \ a StatefulSet" properties: surgeNode: description: "In order to be compliant with HiveMQ's recommended\ \ update strategy, the operator will start an additional\ \ node with the new configuration prior to running a rolling\ \ upgrade. Use this flag to disable this strategy at your\ \ own risk, in case you can't schedule an additional HiveMQ\ \ node." type: "boolean" surgeNodeCleanupPvc: description: "After finishing a rolling upgrade, the operator\ \ will delete the PersistentVolumeClaim for the added node.\ \ This is useful for AvailabilityZone bound volume providers\ \ such as EBS." type: "boolean" type: "object" type: "object" podLabels: additionalProperties: type: "string" description: "Additional labels to apply to the HiveMQ Pod template" type: "object" podAnnotations: additionalProperties: type: "string" description: "Additional annotations to add to the HiveMQ Pod template" type: "object" nodeSelector: additionalProperties: type: "string" description: "NodeSelector terms to add to the HiveMQ Pod template" type: "object" priorityClassName: description: "If specified, indicates the pod's priority. \"system-node-critical\"\ \ and \"system-cluster-critical\" are two special keywords which\ \ indicate the highest priorities with the former being the highest\ \ priority. Any other name must be defined by creating a PriorityClass\ \ object with that name. If not specified, the pod priority will\ \ be default or zero if there is no default." type: "string" runtimeClassName: description: "RuntimeClassName refers to a RuntimeClass object in\ \ the node.k8s.io group, which should be used to run this pod. If\ \ no RuntimeClass resource matches the named class, the pod will\ \ not be run. If unset or empty, the \"legacy\" RuntimeClass will\ \ be used, which is an implicit class with an empty definition that\ \ uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md\ \ This is a beta feature as of Kubernetes v1.14." type: "string" tolerations: description: "Tolerations to apply to the HiveMQ Pods." items: description: "The pod this Toleration is attached to tolerates any\ \ taint that matches the triple using the matching\ \ operator ." example: effect: "effect" tolerationSeconds: 4 value: "value" key: "key" operator: "operator" properties: effect: description: "Effect indicates the taint effect to match. Empty\ \ means match all taint effects. When specified, allowed values\ \ are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: description: "Key is the taint key that the toleration applies\ \ to. Empty means match all taint keys. If the key is empty,\ \ operator must be Exists; this combination means to match\ \ all values and all keys." type: "string" operator: description: "Operator represents a key's relationship to the\ \ value. Valid operators are Exists and Equal. Defaults to\ \ Equal. Exists is equivalent to wildcard for value, so that\ \ a pod can tolerate all taints of a particular category." type: "string" tolerationSeconds: description: "TolerationSeconds represents the period of time\ \ the toleration (which must be of effect NoExecute, otherwise\ \ this field is ignored) tolerates the taint. By default,\ \ it is not set, which means tolerate the taint forever (do\ \ not evict). Zero and negative values will be treated as\ \ 0 (evict immediately) by the system." format: "int64" type: "integer" value: description: "Value is the taint value the toleration matches\ \ to. If the operator is Exists, the value should be empty,\ \ otherwise just a regular string." type: "string" type: "object" type: "array" additionalVolumes: description: "Additional volumes to add to the HiveMQ Pods." items: description: "Volume represents a named volume in a pod that may\ \ be accessed by any container in the pod." example: quobyte: volume: "volume" registry: "registry" readOnly: true user: "user" tenant: "tenant" group: "group" azureFile: secretName: "secretName" readOnly: true shareName: "shareName" flexVolume: driver: "driver" options: key: "options" secretRef: name: "name" readOnly: true fsType: "fsType" ephemeral: readOnly: true volumeClaimTemplate: metadata: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" spec: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" secret: secretName: "secretName" defaultMode: 6 optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" projected: sources: - downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 - downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 defaultMode: 1 cephfs: path: "path" secretRef: name: "name" secretFile: "secretFile" readOnly: true user: "user" monitors: - "monitors" - "monitors" scaleIO: system: "system" protectionDomain: "protectionDomain" sslEnabled: true storageMode: "storageMode" volumeName: "volumeName" secretRef: name: "name" readOnly: true fsType: "fsType" storagePool: "storagePool" gateway: "gateway" emptyDir: sizeLimit: "sizeLimit" medium: "medium" glusterfs: path: "path" endpoints: "endpoints" readOnly: true gcePersistentDisk: partition: 3 readOnly: true pdName: "pdName" fsType: "fsType" photonPersistentDisk: pdID: "pdID" fsType: "fsType" azureDisk: diskName: "diskName" kind: "kind" readOnly: true cachingMode: "cachingMode" diskURI: "diskURI" fsType: "fsType" cinder: secretRef: name: "name" volumeID: "volumeID" readOnly: true fsType: "fsType" downwardAPI: defaultMode: 8 items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" awsElasticBlockStore: partition: 9 volumeID: "volumeID" readOnly: true fsType: "fsType" flocker: datasetName: "datasetName" datasetUUID: "datasetUUID" iscsi: chapAuthSession: true iscsiInterface: "iscsiInterface" lun: 6 chapAuthDiscovery: true iqn: "iqn" portals: - "portals" - "portals" secretRef: name: "name" initiatorName: "initiatorName" readOnly: true fsType: "fsType" targetPortal: "targetPortal" rbd: image: "image" pool: "pool" secretRef: name: "name" readOnly: true fsType: "fsType" keyring: "keyring" user: "user" monitors: - "monitors" - "monitors" configMap: defaultMode: 9 name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" storageos: volumeNamespace: "volumeNamespace" volumeName: "volumeName" secretRef: name: "name" readOnly: true fsType: "fsType" csi: driver: "driver" nodePublishSecretRef: name: "name" readOnly: true fsType: "fsType" volumeAttributes: key: "volumeAttributes" name: "name" nfs: path: "path" server: "server" readOnly: true persistentVolumeClaim: claimName: "claimName" readOnly: true gitRepo: repository: "repository" directory: "directory" revision: "revision" portworxVolume: volumeID: "volumeID" readOnly: true fsType: "fsType" vsphereVolume: storagePolicyName: "storagePolicyName" storagePolicyID: "storagePolicyID" volumePath: "volumePath" fsType: "fsType" fc: lun: 6 targetWWNs: - "targetWWNs" - "targetWWNs" readOnly: true wwids: - "wwids" - "wwids" fsType: "fsType" hostPath: path: "path" type: "type" properties: awsElasticBlockStore: description: "Represents a Persistent Disk resource in AWS.\n\ \nAn AWS EBS disk must exist before mounting to a container.\ \ The disk must also be in the same AWS zone as the kubelet.\ \ An AWS EBS disk can only be mounted as read/write once.\ \ AWS EBS volumes support ownership management and SELinux\ \ relabeling." example: partition: 9 volumeID: "volumeID" readOnly: true fsType: "fsType" properties: fsType: description: "Filesystem type of the volume that you want\ \ to mount. Tip: Ensure that the filesystem type is supported\ \ by the host operating system. Examples: \"ext4\", \"\ xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if\ \ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "The partition in the volume that you want\ \ to mount. If omitted, the default is to mount by volume\ \ name. Examples: For volume /dev/sda1, you specify the\ \ partition as \"1\". Similarly, the volume partition\ \ for /dev/sda is \"0\" (or you can leave the property\ \ empty)." format: "int32" type: "integer" readOnly: description: "Specify \"true\" to force and set the ReadOnly\ \ property in VolumeMounts to \"true\". If omitted, the\ \ default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: description: "Unique ID of the persistent disk resource\ \ in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" type: "object" azureDisk: description: "AzureDisk represents an Azure Data Disk mount\ \ on the host and bind mount to the pod." example: diskName: "diskName" kind: "kind" readOnly: true cachingMode: "cachingMode" diskURI: "diskURI" fsType: "fsType" properties: cachingMode: description: "Host Caching mode: None, Read Only, Read Write." type: "string" diskName: description: "The Name of the data disk in the blob storage" type: "string" diskURI: description: "The URI the data disk in the blob storage" type: "string" fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"\ ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"\ ext4\" if unspecified." type: "string" kind: description: "Expected values Shared: multiple blob disks\ \ per storage account Dedicated: single blob disk per\ \ storage account Managed: azure managed data disk (only\ \ in managed availability set). defaults to shared" type: "string" readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" - "diskURI" type: "object" azureFile: description: "AzureFile represents an Azure File Service mount\ \ on the host and bind mount to the pod." example: secretName: "secretName" readOnly: true shareName: "shareName" properties: readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" secretName: description: "the name of secret that contains Azure Storage\ \ Account Name and Key" type: "string" shareName: description: "Share Name" type: "string" required: - "secretName" - "shareName" type: "object" cephfs: description: "Represents a Ceph Filesystem mount that lasts\ \ the lifetime of a pod Cephfs volumes do not support ownership\ \ management or SELinux relabeling." example: path: "path" secretRef: name: "name" secretFile: "secretFile" readOnly: true user: "user" monitors: - "monitors" - "monitors" properties: monitors: description: "Required: Monitors is a collection of Ceph\ \ monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" path: description: "Optional: Used as the mounted root, rather\ \ than the full Ceph tree, default is /" type: "string" readOnly: description: "Optional: Defaults to false (read/write).\ \ ReadOnly here will force the ReadOnly setting in VolumeMounts.\ \ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: description: "Optional: SecretFile is the path to key ring\ \ for User, default is /etc/ceph/user.secret More info:\ \ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" user: description: "Optional: User is the rados user name, default\ \ is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: description: "Represents a cinder volume resource in Openstack.\ \ A Cinder volume must exist before mounting to a container.\ \ The volume must also be in the same region as the kubelet.\ \ Cinder volumes support ownership management and SELinux\ \ relabeling." example: secretRef: name: "name" volumeID: "volumeID" readOnly: true fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Examples:\ \ \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to\ \ be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: description: "Optional: Defaults to false (read/write).\ \ ReadOnly here will force the ReadOnly setting in VolumeMounts.\ \ More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" volumeID: description: "volume id used to identify the volume in cinder.\ \ More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" type: "object" configMap: description: "Adapts a ConfigMap into a volume.\n\nThe contents\ \ of the target ConfigMap's Data field will be presented in\ \ a volume as files using the keys in the Data field as the\ \ file names, unless the items element is populated with specific\ \ mappings of keys to paths. ConfigMap volumes support ownership\ \ management and SELinux relabeling." example: defaultMode: 9 name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" properties: defaultMode: description: "Optional: mode bits used to set permissions\ \ on created files by default. Must be an octal value\ \ between 0000 and 0777 or a decimal value between 0 and\ \ 511. YAML accepts both octal and decimal values, JSON\ \ requires decimal values for mode bits. Defaults to 0644.\ \ Directories within the path are not affected by this\ \ setting. This might be in conflict with other options\ \ that affect the file mode, like fsGroup, and the result\ \ can be other mode bits set." format: "int32" type: "integer" items: description: "If unspecified, each key-value pair in the\ \ Data field of the referenced ConfigMap will be projected\ \ into the volume as a file whose name is the key and\ \ content is the value. If specified, the listed keys\ \ will be projected into the specified paths, and unlisted\ \ keys will not be present. If a key is specified which\ \ is not present in the ConfigMap, the volume setup will\ \ error unless it is marked optional. Paths must be relative\ \ and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." example: mode: 6 path: "path" key: "key" properties: key: description: "The key to project." type: "string" mode: description: "Optional: mode bits used to set permissions\ \ on this file. Must be an octal value between 0000\ \ and 0777 or a decimal value between 0 and 511.\ \ YAML accepts both octal and decimal values, JSON\ \ requires decimal values for mode bits. If not\ \ specified, the volume defaultMode will be used.\ \ This might be in conflict with other options that\ \ affect the file mode, like fsGroup, and the result\ \ can be other mode bits set." format: "int32" type: "integer" path: description: "The relative path of the file to map\ \ the key to. May not be an absolute path. May not\ \ contain the path element '..'. May not start with\ \ the string '..'." type: "string" required: - "key" - "path" type: "object" type: "array" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its keys\ \ must be defined" type: "boolean" type: "object" csi: description: "Represents a source location of a volume to mount,\ \ managed by an external CSI driver" example: driver: "driver" nodePublishSecretRef: name: "name" readOnly: true fsType: "fsType" volumeAttributes: key: "volumeAttributes" properties: driver: description: "Driver is the name of the CSI driver that\ \ handles this volume. Consult with your admin for the\ \ correct name as registered in the cluster." type: "string" fsType: description: "Filesystem type to mount. Ex. \"ext4\", \"\ xfs\", \"ntfs\". If not provided, the empty value is passed\ \ to the associated CSI driver which will determine the\ \ default filesystem to apply." type: "string" nodePublishSecretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" readOnly: description: "Specifies a read-only configuration for the\ \ volume. Defaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" description: "VolumeAttributes stores driver-specific properties\ \ that are passed to the CSI driver. Consult your driver's\ \ documentation for supported values." type: "object" required: - "driver" type: "object" downwardAPI: description: "DownwardAPIVolumeSource represents a volume containing\ \ downward API info. Downward API volumes support ownership\ \ management and SELinux relabeling." example: defaultMode: 8 items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: defaultMode: description: "Optional: mode bits to use on created files\ \ by default. Must be a Optional: mode bits used to set\ \ permissions on created files by default. Must be an\ \ octal value between 0000 and 0777 or a decimal value\ \ between 0 and 511. YAML accepts both octal and decimal\ \ values, JSON requires decimal values for mode bits.\ \ Defaults to 0644. Directories within the path are not\ \ affected by this setting. This might be in conflict\ \ with other options that affect the file mode, like fsGroup,\ \ and the result can be other mode bits set." format: "int32" type: "integer" items: description: "Items is a list of downward API volume file" items: description: "DownwardAPIVolumeFile represents information\ \ to create the file containing the pod field" example: mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: fieldRef: description: "ObjectFieldSelector selects an APIVersioned\ \ field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the FieldPath\ \ is written in terms of, defaults to \"v1\"\ ." type: "string" fieldPath: description: "Path of the field to select in the\ \ specified API version." type: "string" required: - "fieldPath" type: "object" mode: description: "Optional: mode bits used to set permissions\ \ on this file, must be an octal value between 0000\ \ and 0777 or a decimal value between 0 and 511.\ \ YAML accepts both octal and decimal values, JSON\ \ requires decimal values for mode bits. If not\ \ specified, the volume defaultMode will be used.\ \ This might be in conflict with other options that\ \ affect the file mode, like fsGroup, and the result\ \ can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path\ \ name of the file to be created. Must not be absolute\ \ or contain the '..' path. Must be utf-8 encoded.\ \ The first item of the relative path must not start\ \ with '..'" type: "string" resourceFieldRef: description: "ResourceFieldSelector represents container\ \ resources (cpu, memory) and their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required for volumes,\ \ optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String()\ \ and AsInt64() accessors.\n\nThe serialization\ \ format is:\n\n ::= \n\ \ (Note that may be empty, from the\ \ \"\" case in .)\n \ \ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | .\ \ | . ::= \"+\" |\ \ \"-\" ::= | \ \ ::= | \ \ | ::= Ki | Mi\ \ | Gi | Ti | Pi | Ei\n (International System\ \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G |\ \ T | P | E\n (Note that 1024 = 1Ki but 1000\ \ = 1k; I didn't choose the capitalization.)\n\ ::= \"e\" |\ \ \"E\" \n\nNo matter which of\ \ the three exponent forms is used, no quantity\ \ may represent a number greater than 2^63-1\ \ in magnitude, nor may it have more than 3\ \ decimal places. Numbers larger or more precise\ \ will be capped or rounded up. (E.g.: 0.1m\ \ will rounded up to 1m.) This may be extended\ \ in the future if we require larger or smaller\ \ quantities.\n\nWhen a Quantity is parsed from\ \ a string, it will remember the type of suffix\ \ it had, and will use the same type again when\ \ it is serialized.\n\nBefore serializing, Quantity\ \ will be put in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted up or\ \ down (with a corresponding increase or decrease\ \ in Mantissa) such that:\n a. No precision\ \ is lost\n b. No fractional digits will be\ \ emitted\n c. The exponent (or suffix) is\ \ as large as possible.\nThe sign will be omitted\ \ unless the number is negative.\n\nExamples:\n\ \ 1.5 will be serialized as \"1500m\"\n 1.5Gi\ \ will be serialized as \"1536Mi\"\n\nNote that\ \ the quantity will NEVER be internally represented\ \ by a floating point number. That is the whole\ \ point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well\ \ formed, but will be re-emitted in their canonical\ \ form. (So always use canonical form, or don't\ \ diff.)\n\nThis format is intended to make\ \ it difficult to use these numbers without\ \ writing some sort of special handling code\ \ in the hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" required: - "path" type: "object" type: "array" type: "object" emptyDir: description: "Represents an empty directory for a pod. Empty\ \ directory volumes support ownership management and SELinux\ \ relabeling." example: sizeLimit: "sizeLimit" medium: "medium" properties: medium: description: "What type of storage medium should back this\ \ directory. The default is \"\" which means to use the\ \ node's default medium. Must be an empty string (default)\ \ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: description: "Quantity is a fixed-point representation of\ \ a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | ::=\ \ | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | ::=\ \ | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P | E\n\ \ (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose\ \ the capitalization.)\n ::= \"e\" \ \ | \"E\" \n\nNo matter which of the three\ \ exponent forms is used, no quantity may represent a\ \ number greater than 2^63-1 in magnitude, nor may it\ \ have more than 3 decimal places. Numbers larger or more\ \ precise will be capped or rounded up. (E.g.: 0.1m will\ \ rounded up to 1m.) This may be extended in the future\ \ if we require larger or smaller quantities.\n\nWhen\ \ a Quantity is parsed from a string, it will remember\ \ the type of suffix it had, and will use the same type\ \ again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted up or down (with\ \ a corresponding increase or decrease in Mantissa) such\ \ that:\n a. No precision is lost\n b. No fractional\ \ digits will be emitted\n c. The exponent (or suffix)\ \ is as large as possible.\nThe sign will be omitted unless\ \ the number is negative.\n\nExamples:\n 1.5 will be\ \ serialized as \"1500m\"\n 1.5Gi will be serialized\ \ as \"1536Mi\"\n\nNote that the quantity will NEVER be\ \ internally represented by a floating point number. That\ \ is the whole point of this exercise.\n\nNon-canonical\ \ values will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis format\ \ is intended to make it difficult to use these numbers\ \ without writing some sort of special handling code in\ \ the hopes that that will cause implementors to also\ \ use a fixed point implementation." format: "quantity" type: "string" type: "object" ephemeral: description: "Represents an ephemeral volume that is handled\ \ by a normal storage driver." example: readOnly: true volumeClaimTemplate: metadata: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" spec: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: readOnly: description: "Specifies a read-only configuration for the\ \ volume. Defaults to false (read/write)." type: "boolean" volumeClaimTemplate: description: "PersistentVolumeClaimTemplate is used to produce\ \ PersistentVolumeClaim objects as part of an EphemeralVolumeSource." example: metadata: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" spec: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: metadata: description: "ObjectMeta is metadata that all persisted\ \ resources must have, which includes all objects\ \ users must create." example: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" properties: annotations: additionalProperties: type: "string" description: "Annotations is an unstructured key\ \ value map stored with a resource that may be\ \ set by external tools to store and retrieve\ \ arbitrary metadata. They are not queryable and\ \ should be preserved when modifying objects.\ \ More info: http://kubernetes.io/docs/user-guide/annotations" type: "object" clusterName: description: "The name of the cluster which the\ \ object belongs to. This is used to distinguish\ \ resources with same name and namespace in different\ \ clusters. This field is not set anywhere right\ \ now and apiserver is going to ignore it if set\ \ in create or update request." type: "string" creationTimestamp: description: "CreationTimestamp is a timestamp representing\ \ the server time when this object was created.\ \ It is not guaranteed to be set in happens-before\ \ order across separate operations. Clients may\ \ not set this value. It is represented in RFC3339\ \ form and is in UTC.\n\nPopulated by the system.\ \ Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" format: "date-time" type: "string" deletionGracePeriodSeconds: description: "Number of seconds allowed for this\ \ object to gracefully terminate before it will\ \ be removed from the system. Only set when deletionTimestamp\ \ is also set. May only be shortened. Read-only." format: "int64" type: "integer" deletionTimestamp: description: "DeletionTimestamp is RFC 3339 date\ \ and time at which this resource will be deleted.\ \ This field is set by the server when a graceful\ \ deletion is requested by the user, and is not\ \ directly settable by a client. The resource\ \ is expected to be deleted (no longer visible\ \ from resource lists, and not reachable by name)\ \ after the time in this field, once the finalizers\ \ list is empty. As long as the finalizers list\ \ contains items, deletion is blocked. Once the\ \ deletionTimestamp is set, this value may not\ \ be unset or be set further into the future,\ \ although it may be shortened or the resource\ \ may be deleted prior to this time. For example,\ \ a user may request that a pod is deleted in\ \ 30 seconds. The Kubelet will react by sending\ \ a graceful termination signal to the containers\ \ in the pod. After that 30 seconds, the Kubelet\ \ will send a hard termination signal (SIGKILL)\ \ to the container and after cleanup, remove the\ \ pod from the API. In the presence of network\ \ partitions, this object may still exist after\ \ this timestamp, until an administrator or automated\ \ process can determine the resource is fully\ \ terminated. If not set, graceful deletion of\ \ the object has not been requested.\n\nPopulated\ \ by the system when a graceful deletion is requested.\ \ Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" format: "date-time" type: "string" finalizers: description: "Must be empty before the object is\ \ deleted from the registry. Each entry is an\ \ identifier for the responsible component that\ \ will remove the entry from the list. If the\ \ deletionTimestamp of the object is non-nil,\ \ entries in this list can only be removed. Finalizers\ \ may be processed and removed in any order. \ \ Order is NOT enforced because it introduces\ \ significant risk of stuck finalizers. finalizers\ \ is a shared field, any actor with permission\ \ can reorder it. If the finalizer list is processed\ \ in order, then this can lead to a situation\ \ in which the component responsible for the first\ \ finalizer in the list is waiting for a signal\ \ (field value, external system, or other) produced\ \ by a component responsible for a finalizer later\ \ in the list, resulting in a deadlock. Without\ \ enforced ordering finalizers are free to order\ \ amongst themselves and are not vulnerable to\ \ ordering changes in the list." items: type: "string" type: "array" generateName: description: "GenerateName is an optional prefix,\ \ used by the server, to generate a unique name\ \ ONLY IF the Name field has not been provided.\ \ If this field is used, the name returned to\ \ the client will be different than the name passed.\ \ This value will also be combined with a unique\ \ suffix. The provided value has the same validation\ \ rules as the Name field, and may be truncated\ \ by the length of the suffix required to make\ \ the value unique on the server.\n\nIf this field\ \ is specified and the generated name exists,\ \ the server will NOT return a 409 - instead,\ \ it will either return 201 Created or 500 with\ \ Reason ServerTimeout indicating a unique name\ \ could not be found in the time allotted, and\ \ the client should retry (optionally after the\ \ time indicated in the Retry-After header).\n\ \nApplied only if Name is not specified. More\ \ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: "string" generation: description: "A sequence number representing a specific\ \ generation of the desired state. Populated by\ \ the system. Read-only." format: "int64" type: "integer" labels: additionalProperties: type: "string" description: "Map of string keys and values that\ \ can be used to organize and categorize (scope\ \ and select) objects. May match selectors of\ \ replication controllers and services. More info:\ \ http://kubernetes.io/docs/user-guide/labels" type: "object" managedFields: description: "ManagedFields maps workflow-id and\ \ version to the set of fields that are managed\ \ by that workflow. This is mostly for internal\ \ housekeeping, and users typically shouldn't\ \ need to set or understand this field. A workflow\ \ can be the user's name, a controller's name,\ \ or the name of a specific apply path like \"\ ci-cd\". The set of fields is always in the version\ \ that the workflow used when modifying the object." items: description: "ManagedFieldsEntry is a workflow-id,\ \ a FieldSet and the group version of the resource\ \ that the fieldset applies to." example: apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" properties: apiVersion: description: "APIVersion defines the version\ \ of this resource that this field set applies\ \ to. The format is \"group/version\" just\ \ like the top-level APIVersion field. It\ \ is necessary to track the version of a\ \ field set because it cannot be automatically\ \ converted." type: "string" fieldsType: description: "FieldsType is the discriminator\ \ for the different fields format and version.\ \ There is currently only one possible value:\ \ \"FieldsV1\"" type: "string" fieldsV1: description: "FieldsV1 holds the first JSON\ \ version format as described in the \"\ FieldsV1\" type." type: "object" manager: description: "Manager is an identifier of\ \ the workflow managing these fields." type: "string" operation: description: "Operation is the type of operation\ \ which lead to this ManagedFieldsEntry\ \ being created. The only valid values for\ \ this field are 'Apply' and 'Update'." type: "string" time: description: "Time is timestamp of when these\ \ fields were set. It should always be empty\ \ if Operation is 'Apply'" format: "date-time" type: "string" type: "object" type: "array" name: description: "Name must be unique within a namespace.\ \ Is required when creating resources, although\ \ some resources may allow a client to request\ \ the generation of an appropriate name automatically.\ \ Name is primarily intended for creation idempotence\ \ and configuration definition. Cannot be updated.\ \ More info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" namespace: description: "Namespace defines the space within\ \ which each name must be unique. An empty namespace\ \ is equivalent to the \"default\" namespace,\ \ but \"default\" is the canonical representation.\ \ Not all objects are required to be scoped to\ \ a namespace - the value of this field for those\ \ objects will be empty.\n\nMust be a DNS_LABEL.\ \ Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: "string" ownerReferences: description: "List of objects depended by this object.\ \ If ALL objects in the list have been deleted,\ \ this object will be garbage collected. If this\ \ object is managed by a controller, then an entry\ \ in this list will point to this controller,\ \ with the controller field set to true. There\ \ cannot be more than one managing controller." items: description: "OwnerReference contains enough information\ \ to let you identify an owning object. An owning\ \ object must be in the same namespace as the\ \ dependent, or be cluster-scoped, so there\ \ is no namespace field." example: uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true properties: apiVersion: description: "API version of the referent." type: "string" blockOwnerDeletion: description: "If true, AND if the owner has\ \ the \"foregroundDeletion\" finalizer,\ \ then the owner cannot be deleted from\ \ the key-value store until this reference\ \ is removed. Defaults to false. To set\ \ this field, a user needs \"delete\" permission\ \ of the owner, otherwise 422 (Unprocessable\ \ Entity) will be returned." type: "boolean" controller: description: "If true, this reference points\ \ to the managing controller." type: "boolean" kind: description: "Kind of the referent. More info:\ \ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: description: "Name of the referent. More info:\ \ http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" uid: description: "UID of the referent. More info:\ \ http://kubernetes.io/docs/user-guide/identifiers#uids" type: "string" required: - "apiVersion" - "kind" - "name" - "uid" type: "object" type: "array" resourceVersion: description: "An opaque value that represents the\ \ internal version of this object that can be\ \ used by clients to determine when objects have\ \ changed. May be used for optimistic concurrency,\ \ change detection, and the watch operation on\ \ a resource or set of resources. Clients must\ \ treat these values as opaque and passed unmodified\ \ back to the server. They may only be valid for\ \ a particular resource or set of resources.\n\ \nPopulated by the system. Read-only. Value must\ \ be treated as opaque by clients and . More info:\ \ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" selfLink: description: "SelfLink is a URL representing this\ \ object. Populated by the system. Read-only.\n\ \nDEPRECATED Kubernetes will stop propagating\ \ this field in 1.20 release and the field is\ \ planned to be removed in 1.21 release." type: "string" uid: description: "UID is the unique in time and space\ \ value for this object. It is typically generated\ \ by the server on successful creation of a resource\ \ and is not allowed to change on PUT operations.\n\ \nPopulated by the system. Read-only. More info:\ \ http://kubernetes.io/docs/user-guide/identifiers#uids" type: "string" type: "object" spec: description: "PersistentVolumeClaimSpec describes the\ \ common attributes of storage devices and allows\ \ a Source for provider-specific attributes" example: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: accessModes: description: "AccessModes contains the desired access\ \ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: description: "TypedLocalObjectReference contains\ \ enough information to let you locate the typed\ \ referenced object inside the same namespace." example: apiGroup: "apiGroup" kind: "kind" name: "name" properties: apiGroup: description: "APIGroup is the group for the\ \ resource being referenced. If APIGroup is\ \ not specified, the specified Kind must be\ \ in the core API group. For any other third-party\ \ types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being\ \ referenced" type: "string" name: description: "Name is the name of resource being\ \ referenced" type: "string" required: - "kind" - "name" type: "object" resources: description: "ResourceRequirements describes the\ \ compute resource requirements." example: requests: {} limits: {} properties: limits: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String()\ \ and AsInt64() accessors.\n\nThe serialization\ \ format is:\n\n ::= \n\ \ (Note that may be empty, from\ \ the \"\" case in .)\n\ \ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | .\ \ | . | . \ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | \ \ | ::= Ki\ \ | Mi | Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M |\ \ G | T | P | E\n (Note that 1024 = 1Ki\ \ but 1000 = 1k; I didn't choose the capitalization.)\n\ ::= \"e\" \ \ | \"E\" \n\nNo matter which\ \ of the three exponent forms is used, no\ \ quantity may represent a number greater\ \ than 2^63-1 in magnitude, nor may it have\ \ more than 3 decimal places. Numbers larger\ \ or more precise will be capped or rounded\ \ up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if\ \ we require larger or smaller quantities.\n\ \nWhen a Quantity is parsed from a string,\ \ it will remember the type of suffix it\ \ had, and will use the same type again\ \ when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\"\ . This means that Exponent/suffix will be\ \ adjusted up or down (with a corresponding\ \ increase or decrease in Mantissa) such\ \ that:\n a. No precision is lost\n b.\ \ No fractional digits will be emitted\n\ \ c. The exponent (or suffix) is as large\ \ as possible.\nThe sign will be omitted\ \ unless the number is negative.\n\nExamples:\n\ \ 1.5 will be serialized as \"1500m\"\n\ \ 1.5Gi will be serialized as \"1536Mi\"\ \n\nNote that the quantity will NEVER be\ \ internally represented by a floating point\ \ number. That is the whole point of this\ \ exercise.\n\nNon-canonical values will\ \ still parse as long as they are well formed,\ \ but will be re-emitted in their canonical\ \ form. (So always use canonical form, or\ \ don't diff.)\n\nThis format is intended\ \ to make it difficult to use these numbers\ \ without writing some sort of special handling\ \ code in the hopes that that will cause\ \ implementors to also use a fixed point\ \ implementation." format: "quantity" type: "string" description: "Limits describes the maximum amount\ \ of compute resources allowed. More info:\ \ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" requests: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String()\ \ and AsInt64() accessors.\n\nThe serialization\ \ format is:\n\n ::= \n\ \ (Note that may be empty, from\ \ the \"\" case in .)\n\ \ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | .\ \ | . | . \ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | \ \ | ::= Ki\ \ | Mi | Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M |\ \ G | T | P | E\n (Note that 1024 = 1Ki\ \ but 1000 = 1k; I didn't choose the capitalization.)\n\ ::= \"e\" \ \ | \"E\" \n\nNo matter which\ \ of the three exponent forms is used, no\ \ quantity may represent a number greater\ \ than 2^63-1 in magnitude, nor may it have\ \ more than 3 decimal places. Numbers larger\ \ or more precise will be capped or rounded\ \ up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if\ \ we require larger or smaller quantities.\n\ \nWhen a Quantity is parsed from a string,\ \ it will remember the type of suffix it\ \ had, and will use the same type again\ \ when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\"\ . This means that Exponent/suffix will be\ \ adjusted up or down (with a corresponding\ \ increase or decrease in Mantissa) such\ \ that:\n a. No precision is lost\n b.\ \ No fractional digits will be emitted\n\ \ c. The exponent (or suffix) is as large\ \ as possible.\nThe sign will be omitted\ \ unless the number is negative.\n\nExamples:\n\ \ 1.5 will be serialized as \"1500m\"\n\ \ 1.5Gi will be serialized as \"1536Mi\"\ \n\nNote that the quantity will NEVER be\ \ internally represented by a floating point\ \ number. That is the whole point of this\ \ exercise.\n\nNon-canonical values will\ \ still parse as long as they are well formed,\ \ but will be re-emitted in their canonical\ \ form. (So always use canonical form, or\ \ don't diff.)\n\nThis format is intended\ \ to make it difficult to use these numbers\ \ without writing some sort of special handling\ \ code in the hopes that that will cause\ \ implementors to also use a fixed point\ \ implementation." format: "quantity" type: "string" description: "Requests describes the minimum\ \ amount of compute resources required. If\ \ Requests is omitted for a container, it\ \ defaults to Limits if that is explicitly\ \ specified, otherwise to an implementation-defined\ \ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" type: "object" selector: description: "A label selector is a label query\ \ over a set of resources. The result of matchLabels\ \ and matchExpressions are ANDed. An empty label\ \ selector matches all objects. A null label selector\ \ matches no objects." example: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" properties: matchExpressions: description: "matchExpressions is a list of\ \ label selector requirements. The requirements\ \ are ANDed." items: description: "A label selector requirement\ \ is a selector that contains values, a\ \ key, and an operator that relates the\ \ key and values." example: values: - "values" - "values" key: "key" operator: "operator" properties: key: description: "key is the label key that\ \ the selector applies to." type: "string" operator: description: "operator represents a key's\ \ relationship to a set of values. Valid\ \ operators are In, NotIn, Exists and\ \ DoesNotExist." type: "string" values: description: "values is an array of string\ \ values. If the operator is In or NotIn,\ \ the values array must be non-empty.\ \ If the operator is Exists or DoesNotExist,\ \ the values array must be empty. This\ \ array is replaced during a strategic\ \ merge patch." items: type: "string" type: "array" required: - "key" - "operator" type: "object" type: "array" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value}\ \ pairs. A single {key,value} in the matchLabels\ \ map is equivalent to an element of matchExpressions,\ \ whose key field is \"key\", the operator\ \ is \"In\", and the values array contains\ \ only \"value\". The requirements are ANDed." type: "object" type: "object" storageClassName: description: "Name of the StorageClass required\ \ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: description: "volumeMode defines what type of volume\ \ is required by the claim. Value of Filesystem\ \ is implied when not included in claim spec." type: "string" volumeName: description: "VolumeName is the binding reference\ \ to the PersistentVolume backing this claim." type: "string" type: "object" required: - "spec" type: "object" type: "object" fc: description: "Represents a Fibre Channel volume. Fibre Channel\ \ volumes can only be mounted as read/write once. Fibre Channel\ \ volumes support ownership management and SELinux relabeling." example: lun: 6 targetWWNs: - "targetWWNs" - "targetWWNs" readOnly: true wwids: - "wwids" - "wwids" fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"\ ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"\ ext4\" if unspecified." type: "string" lun: description: "Optional: FC target lun number" format: "int32" type: "integer" readOnly: description: "Optional: Defaults to false (read/write).\ \ ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: description: "Optional: FC target worldwide names (WWNs)" items: type: "string" type: "array" wwids: description: "Optional: FC volume world wide identifiers\ \ (wwids) Either wwids or combination of targetWWNs and\ \ lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: description: "FlexVolume represents a generic volume resource\ \ that is provisioned/attached using an exec based plugin." example: driver: "driver" options: key: "options" secretRef: name: "name" readOnly: true fsType: "fsType" properties: driver: description: "Driver is the name of the driver to use for\ \ this volume." type: "string" fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"\ ext4\", \"xfs\", \"ntfs\". The default filesystem depends\ \ on FlexVolume script." type: "string" options: additionalProperties: type: "string" description: "Optional: Extra command options if any." type: "object" readOnly: description: "Optional: Defaults to false (read/write).\ \ ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" required: - "driver" type: "object" flocker: description: "Represents a Flocker volume mounted by the Flocker\ \ agent. One and only one of datasetName and datasetUUID should\ \ be set. Flocker volumes do not support ownership management\ \ or SELinux relabeling." example: datasetName: "datasetName" datasetUUID: "datasetUUID" properties: datasetName: description: "Name of the dataset stored as metadata ->\ \ name on the dataset for Flocker should be considered\ \ as deprecated" type: "string" datasetUUID: description: "UUID of the dataset. This is unique identifier\ \ of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: description: "Represents a Persistent Disk resource in Google\ \ Compute Engine.\n\nA GCE PD must exist before mounting to\ \ a container. The disk must also be in the same GCE project\ \ and zone as the kubelet. A GCE PD can only be mounted as\ \ read/write once or read-only many times. GCE PDs support\ \ ownership management and SELinux relabeling." example: partition: 3 readOnly: true pdName: "pdName" fsType: "fsType" properties: fsType: description: "Filesystem type of the volume that you want\ \ to mount. Tip: Ensure that the filesystem type is supported\ \ by the host operating system. Examples: \"ext4\", \"\ xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if\ \ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "The partition in the volume that you want\ \ to mount. If omitted, the default is to mount by volume\ \ name. Examples: For volume /dev/sda1, you specify the\ \ partition as \"1\". Similarly, the volume partition\ \ for /dev/sda is \"0\" (or you can leave the property\ \ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: description: "Unique name of the PD resource in GCE. Used\ \ to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: description: "ReadOnly here will force the ReadOnly setting\ \ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: description: "Represents a volume that is populated with the\ \ contents of a git repository. Git repo volumes do not support\ \ ownership management. Git repo volumes support SELinux relabeling.\n\ \nDEPRECATED: GitRepo is deprecated. To provision a container\ \ with a git repo, mount an EmptyDir into an InitContainer\ \ that clones the repo using git, then mount the EmptyDir\ \ into the Pod's container." example: repository: "repository" directory: "directory" revision: "revision" properties: directory: description: "Target directory name. Must not contain or\ \ start with '..'. If '.' is supplied, the volume directory\ \ will be the git repository. Otherwise, if specified,\ \ the volume will contain the git repository in the subdirectory\ \ with the given name." type: "string" repository: description: "Repository URL" type: "string" revision: description: "Commit hash for the specified revision." type: "string" required: - "repository" type: "object" glusterfs: description: "Represents a Glusterfs mount that lasts the lifetime\ \ of a pod. Glusterfs volumes do not support ownership management\ \ or SELinux relabeling." example: path: "path" endpoints: "endpoints" readOnly: true properties: endpoints: description: "EndpointsName is the endpoint name that details\ \ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: description: "Path is the Glusterfs volume path. More info:\ \ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: description: "ReadOnly here will force the Glusterfs volume\ \ to be mounted with read-only permissions. Defaults to\ \ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: description: "Represents a host path mapped into a pod. Host\ \ path volumes do not support ownership management or SELinux\ \ relabeling." example: path: "path" type: "type" properties: path: description: "Path of the directory on the host. If the\ \ path is a symlink, it will follow the link to the real\ \ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: description: "Type for HostPath Volume Defaults to \"\"\ \ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: description: "Represents an ISCSI disk. ISCSI volumes can only\ \ be mounted as read/write once. ISCSI volumes support ownership\ \ management and SELinux relabeling." example: chapAuthSession: true iscsiInterface: "iscsiInterface" lun: 6 chapAuthDiscovery: true iqn: "iqn" portals: - "portals" - "portals" secretRef: name: "name" initiatorName: "initiatorName" readOnly: true fsType: "fsType" targetPortal: "targetPortal" properties: chapAuthDiscovery: description: "whether support iSCSI Discovery CHAP authentication" type: "boolean" chapAuthSession: description: "whether support iSCSI Session CHAP authentication" type: "boolean" fsType: description: "Filesystem type of the volume that you want\ \ to mount. Tip: Ensure that the filesystem type is supported\ \ by the host operating system. Examples: \"ext4\", \"\ xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if\ \ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "Custom iSCSI Initiator Name. If initiatorName\ \ is specified with iscsiInterface simultaneously, new\ \ iSCSI interface : will be\ \ created for the connection." type: "string" iqn: description: "Target iSCSI Qualified Name." type: "string" iscsiInterface: description: "iSCSI Interface Name that uses an iSCSI transport.\ \ Defaults to 'default' (tcp)." type: "string" lun: description: "iSCSI Target Lun number." format: "int32" type: "integer" portals: description: "iSCSI Target Portal List. The portal is either\ \ an IP or ip_addr:port if the port is other than default\ \ (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: description: "ReadOnly here will force the ReadOnly setting\ \ in VolumeMounts. Defaults to false." type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" targetPortal: description: "iSCSI Target Portal. The Portal is either\ \ an IP or ip_addr:port if the port is other than default\ \ (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" - "lun" - "targetPortal" type: "object" name: description: "Volume's name. Must be a DNS_LABEL and unique\ \ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: description: "Represents an NFS mount that lasts the lifetime\ \ of a pod. NFS volumes do not support ownership management\ \ or SELinux relabeling." example: path: "path" server: "server" readOnly: true properties: path: description: "Path that is exported by the NFS server. More\ \ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: description: "ReadOnly here will force the NFS export to\ \ be mounted with read-only permissions. Defaults to false.\ \ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: description: "Server is the hostname or IP address of the\ \ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: description: "PersistentVolumeClaimVolumeSource references the\ \ user's PVC in the same namespace. This volume finds the\ \ bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource\ \ is, essentially, a wrapper around another type of volume\ \ that is owned by someone else (the system)." example: claimName: "claimName" readOnly: true properties: claimName: description: "ClaimName is the name of a PersistentVolumeClaim\ \ in the same namespace as the pod using this volume.\ \ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: description: "Will force the ReadOnly setting in VolumeMounts.\ \ Default false." type: "boolean" required: - "claimName" type: "object" photonPersistentDisk: description: "Represents a Photon Controller persistent disk\ \ resource." example: pdID: "pdID" fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"\ ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"\ ext4\" if unspecified." type: "string" pdID: description: "ID that identifies Photon Controller persistent\ \ disk" type: "string" required: - "pdID" type: "object" portworxVolume: description: "PortworxVolumeSource represents a Portworx volume\ \ resource." example: volumeID: "volumeID" readOnly: true fsType: "fsType" properties: fsType: description: "FSType represents the filesystem type to mount\ \ Must be a filesystem type supported by the host operating\ \ system. Ex. \"ext4\", \"xfs\". Implicitly inferred to\ \ be \"ext4\" if unspecified." type: "string" readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" volumeID: description: "VolumeID uniquely identifies a Portworx volume" type: "string" required: - "volumeID" type: "object" projected: description: "Represents a projected volume source" example: sources: - downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 - downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 defaultMode: 1 properties: defaultMode: description: "Mode bits used to set permissions on created\ \ files by default. Must be an octal value between 0000\ \ and 0777 or a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values, JSON requires\ \ decimal values for mode bits. Directories within the\ \ path are not affected by this setting. This might be\ \ in conflict with other options that affect the file\ \ mode, like fsGroup, and the result can be other mode\ \ bits set." format: "int32" type: "integer" sources: description: "list of volume projections" items: description: "Projection that may be projected along with\ \ other supported volume types" example: downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 properties: configMap: description: "Adapts a ConfigMap into a projected\ \ volume.\n\nThe contents of the target ConfigMap's\ \ Data field will be presented in a projected volume\ \ as files using the keys in the Data field as the\ \ file names, unless the items element is populated\ \ with specific mappings of keys to paths. Note\ \ that this is identical to a configmap volume source\ \ without the default mode." example: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" properties: items: description: "If unspecified, each key-value pair\ \ in the Data field of the referenced ConfigMap\ \ will be projected into the volume as a file\ \ whose name is the key and content is the value.\ \ If specified, the listed keys will be projected\ \ into the specified paths, and unlisted keys\ \ will not be present. If a key is specified\ \ which is not present in the ConfigMap, the\ \ volume setup will error unless it is marked\ \ optional. Paths must be relative and may not\ \ contain the '..' path or start with '..'." items: description: "Maps a string key to a path within\ \ a volume." example: mode: 6 path: "path" key: "key" properties: key: description: "The key to project." type: "string" mode: description: "Optional: mode bits used to\ \ set permissions on this file. Must be\ \ an octal value between 0000 and 0777\ \ or a decimal value between 0 and 511.\ \ YAML accepts both octal and decimal\ \ values, JSON requires decimal values\ \ for mode bits. If not specified, the\ \ volume defaultMode will be used. This\ \ might be in conflict with other options\ \ that affect the file mode, like fsGroup,\ \ and the result can be other mode bits\ \ set." format: "int32" type: "integer" path: description: "The relative path of the file\ \ to map the key to. May not be an absolute\ \ path. May not contain the path element\ \ '..'. May not start with the string\ \ '..'." type: "string" required: - "key" - "path" type: "object" type: "array" name: description: "Name of the referent. More info:\ \ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or\ \ its keys must be defined" type: "boolean" type: "object" downwardAPI: description: "Represents downward API info for projecting\ \ into a projected volume. Note that this is identical\ \ to a downwardAPI volume source without the default\ \ mode." example: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: items: description: "Items is a list of DownwardAPIVolume\ \ file" items: description: "DownwardAPIVolumeFile represents\ \ information to create the file containing\ \ the pod field" example: mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: fieldRef: description: "ObjectFieldSelector selects\ \ an APIVersioned field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema\ \ the FieldPath is written in terms\ \ of, defaults to \"v1\"." type: "string" fieldPath: description: "Path of the field to select\ \ in the specified API version." type: "string" required: - "fieldPath" type: "object" mode: description: "Optional: mode bits used to\ \ set permissions on this file, must be\ \ an octal value between 0000 and 0777\ \ or a decimal value between 0 and 511.\ \ YAML accepts both octal and decimal\ \ values, JSON requires decimal values\ \ for mode bits. If not specified, the\ \ volume defaultMode will be used. This\ \ might be in conflict with other options\ \ that affect the file mode, like fsGroup,\ \ and the result can be other mode bits\ \ set." format: "int32" type: "integer" path: description: "Required: Path is the relative\ \ path name of the file to be created.\ \ Must not be absolute or contain the\ \ '..' path. Must be utf-8 encoded. The\ \ first item of the relative path must\ \ not start with '..'" type: "string" resourceFieldRef: description: "ResourceFieldSelector represents\ \ container resources (cpu, memory) and\ \ their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required\ \ for volumes, optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point\ \ representation of a number. It provides\ \ convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to\ \ String() and AsInt64() accessors.\n\ \nThe serialization format is:\n\n\ ::= \n\ \ (Note that may be empty,\ \ from the \"\" case in .)\n\ ::= 0 | 1 | ...\ \ | 9 ::= \ \ | \ \ ::= | .\ \ | . | . \ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= \ \ | | \ \ ::= Ki | Mi |\ \ Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k\ \ | M | G | T | P | E\n (Note that\ \ 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n\ \ ::= \"e\" | \"E\"\ \ \n\nNo matter which\ \ of the three exponent forms is used,\ \ no quantity may represent a number\ \ greater than 2^63-1 in magnitude,\ \ nor may it have more than 3 decimal\ \ places. Numbers larger or more precise\ \ will be capped or rounded up. (E.g.:\ \ 0.1m will rounded up to 1m.) This\ \ may be extended in the future if\ \ we require larger or smaller quantities.\n\ \nWhen a Quantity is parsed from a\ \ string, it will remember the type\ \ of suffix it had, and will use the\ \ same type again when it is serialized.\n\ \nBefore serializing, Quantity will\ \ be put in \"canonical form\". This\ \ means that Exponent/suffix will\ \ be adjusted up or down (with a corresponding\ \ increase or decrease in Mantissa)\ \ such that:\n a. No precision is\ \ lost\n b. No fractional digits\ \ will be emitted\n c. The exponent\ \ (or suffix) is as large as possible.\n\ The sign will be omitted unless the\ \ number is negative.\n\nExamples:\n\ \ 1.5 will be serialized as \"1500m\"\ \n 1.5Gi will be serialized as \"\ 1536Mi\"\n\nNote that the quantity\ \ will NEVER be internally represented\ \ by a floating point number. That\ \ is the whole point of this exercise.\n\ \nNon-canonical values will still\ \ parse as long as they are well formed,\ \ but will be re-emitted in their\ \ canonical form. (So always use canonical\ \ form, or don't diff.)\n\nThis format\ \ is intended to make it difficult\ \ to use these numbers without writing\ \ some sort of special handling code\ \ in the hopes that that will cause\ \ implementors to also use a fixed\ \ point implementation." format: "quantity" type: "string" resource: description: "Required: resource to\ \ select" type: "string" required: - "resource" type: "object" required: - "path" type: "object" type: "array" type: "object" secret: description: "Adapts a secret into a projected volume.\n\ \nThe contents of the target Secret's Data field\ \ will be presented in a projected volume as files\ \ using the keys in the Data field as the file names.\ \ Note that this is identical to a secret volume\ \ source without the default mode." example: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" properties: items: description: "If unspecified, each key-value pair\ \ in the Data field of the referenced Secret\ \ will be projected into the volume as a file\ \ whose name is the key and content is the value.\ \ If specified, the listed keys will be projected\ \ into the specified paths, and unlisted keys\ \ will not be present. If a key is specified\ \ which is not present in the Secret, the volume\ \ setup will error unless it is marked optional.\ \ Paths must be relative and may not contain\ \ the '..' path or start with '..'." items: description: "Maps a string key to a path within\ \ a volume." example: mode: 6 path: "path" key: "key" properties: key: description: "The key to project." type: "string" mode: description: "Optional: mode bits used to\ \ set permissions on this file. Must be\ \ an octal value between 0000 and 0777\ \ or a decimal value between 0 and 511.\ \ YAML accepts both octal and decimal\ \ values, JSON requires decimal values\ \ for mode bits. If not specified, the\ \ volume defaultMode will be used. This\ \ might be in conflict with other options\ \ that affect the file mode, like fsGroup,\ \ and the result can be other mode bits\ \ set." format: "int32" type: "integer" path: description: "The relative path of the file\ \ to map the key to. May not be an absolute\ \ path. May not contain the path element\ \ '..'. May not start with the string\ \ '..'." type: "string" required: - "key" - "path" type: "object" type: "array" name: description: "Name of the referent. More info:\ \ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its\ \ key must be defined" type: "boolean" type: "object" serviceAccountToken: description: "ServiceAccountTokenProjection represents\ \ a projected service account token volume. This\ \ projection can be used to insert a service account\ \ token into the pods runtime filesystem for use\ \ against APIs (Kubernetes API Server or otherwise)." example: path: "path" audience: "audience" expirationSeconds: 2 properties: audience: description: "Audience is the intended audience\ \ of the token. A recipient of a token must\ \ identify itself with an identifier specified\ \ in the audience of the token, and otherwise\ \ should reject the token. The audience defaults\ \ to the identifier of the apiserver." type: "string" expirationSeconds: description: "ExpirationSeconds is the requested\ \ duration of validity of the service account\ \ token. As the token approaches expiration,\ \ the kubelet volume plugin will proactively\ \ rotate the service account token. The kubelet\ \ will start trying to rotate the token if the\ \ token is older than 80 percent of its time\ \ to live or if the token is older than 24 hours.Defaults\ \ to 1 hour and must be at least 10 minutes." format: "int64" type: "integer" path: description: "Path is the path relative to the\ \ mount point of the file to project the token\ \ into." type: "string" required: - "path" type: "object" type: "object" type: "array" required: - "sources" type: "object" quobyte: description: "Represents a Quobyte mount that lasts the lifetime\ \ of a pod. Quobyte volumes do not support ownership management\ \ or SELinux relabeling." example: volume: "volume" registry: "registry" readOnly: true user: "user" tenant: "tenant" group: "group" properties: group: description: "Group to map volume access to Default is no\ \ group" type: "string" readOnly: description: "ReadOnly here will force the Quobyte volume\ \ to be mounted with read-only permissions. Defaults to\ \ false." type: "boolean" registry: description: "Registry represents a single or multiple Quobyte\ \ Registry services specified as a string as host:port\ \ pair (multiple entries are separated with commas) which\ \ acts as the central registry for volumes" type: "string" tenant: description: "Tenant owning the given Quobyte volume in\ \ the Backend Used with dynamically provisioned Quobyte\ \ volumes, value is set by the plugin" type: "string" user: description: "User to map volume access to Defaults to serivceaccount\ \ user" type: "string" volume: description: "Volume is a string that references an already\ \ created Quobyte volume by name." type: "string" required: - "registry" - "volume" type: "object" rbd: description: "Represents a Rados Block Device mount that lasts\ \ the lifetime of a pod. RBD volumes support ownership management\ \ and SELinux relabeling." example: image: "image" pool: "pool" secretRef: name: "name" readOnly: true fsType: "fsType" keyring: "keyring" user: "user" monitors: - "monitors" - "monitors" properties: fsType: description: "Filesystem type of the volume that you want\ \ to mount. Tip: Ensure that the filesystem type is supported\ \ by the host operating system. Examples: \"ext4\", \"\ xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if\ \ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: description: "Keyring is the path to key ring for RBDUser.\ \ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: description: "A collection of Ceph monitors. More info:\ \ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: description: "The rados pool name. Default is rbd. More\ \ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: description: "ReadOnly here will force the ReadOnly setting\ \ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" user: description: "The rados user name. Default is admin. More\ \ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" - "monitors" type: "object" scaleIO: description: "ScaleIOVolumeSource represents a persistent ScaleIO\ \ volume" example: system: "system" protectionDomain: "protectionDomain" sslEnabled: true storageMode: "storageMode" volumeName: "volumeName" secretRef: name: "name" readOnly: true fsType: "fsType" storagePool: "storagePool" gateway: "gateway" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"\ ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." type: "string" gateway: description: "The host address of the ScaleIO API Gateway." type: "string" protectionDomain: description: "The name of the ScaleIO Protection Domain\ \ for the configured storage." type: "string" readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" sslEnabled: description: "Flag to enable/disable SSL communication with\ \ Gateway, default false" type: "boolean" storageMode: description: "Indicates whether the storage for a volume\ \ should be ThickProvisioned or ThinProvisioned. Default\ \ is ThinProvisioned." type: "string" storagePool: description: "The ScaleIO Storage Pool associated with the\ \ protection domain." type: "string" system: description: "The name of the storage system as configured\ \ in ScaleIO." type: "string" volumeName: description: "The name of a volume already created in the\ \ ScaleIO system that is associated with this volume source." type: "string" required: - "gateway" - "secretRef" - "system" type: "object" secret: description: "Adapts a Secret into a volume.\n\nThe contents\ \ of the target Secret's Data field will be presented in a\ \ volume as files using the keys in the Data field as the\ \ file names. Secret volumes support ownership management\ \ and SELinux relabeling." example: secretName: "secretName" defaultMode: 6 optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" properties: defaultMode: description: "Optional: mode bits used to set permissions\ \ on created files by default. Must be an octal value\ \ between 0000 and 0777 or a decimal value between 0 and\ \ 511. YAML accepts both octal and decimal values, JSON\ \ requires decimal values for mode bits. Defaults to 0644.\ \ Directories within the path are not affected by this\ \ setting. This might be in conflict with other options\ \ that affect the file mode, like fsGroup, and the result\ \ can be other mode bits set." format: "int32" type: "integer" items: description: "If unspecified, each key-value pair in the\ \ Data field of the referenced Secret will be projected\ \ into the volume as a file whose name is the key and\ \ content is the value. If specified, the listed keys\ \ will be projected into the specified paths, and unlisted\ \ keys will not be present. If a key is specified which\ \ is not present in the Secret, the volume setup will\ \ error unless it is marked optional. Paths must be relative\ \ and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." example: mode: 6 path: "path" key: "key" properties: key: description: "The key to project." type: "string" mode: description: "Optional: mode bits used to set permissions\ \ on this file. Must be an octal value between 0000\ \ and 0777 or a decimal value between 0 and 511.\ \ YAML accepts both octal and decimal values, JSON\ \ requires decimal values for mode bits. If not\ \ specified, the volume defaultMode will be used.\ \ This might be in conflict with other options that\ \ affect the file mode, like fsGroup, and the result\ \ can be other mode bits set." format: "int32" type: "integer" path: description: "The relative path of the file to map\ \ the key to. May not be an absolute path. May not\ \ contain the path element '..'. May not start with\ \ the string '..'." type: "string" required: - "key" - "path" type: "object" type: "array" optional: description: "Specify whether the Secret or its keys must\ \ be defined" type: "boolean" secretName: description: "Name of the secret in the pod's namespace\ \ to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: description: "Represents a StorageOS persistent volume resource." example: volumeNamespace: "volumeNamespace" volumeName: "volumeName" secretRef: name: "name" readOnly: true fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"\ ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"\ ext4\" if unspecified." type: "string" readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" volumeName: description: "VolumeName is the human-readable name of the\ \ StorageOS volume. Volume names are only unique within\ \ a namespace." type: "string" volumeNamespace: description: "VolumeNamespace specifies the scope of the\ \ volume within StorageOS. If no namespace is specified\ \ then the Pod's namespace will be used. This allows\ \ the Kubernetes name scoping to be mirrored within StorageOS\ \ for tighter integration. Set VolumeName to any name\ \ to override the default behaviour. Set to \"default\"\ \ if you are not using namespaces within StorageOS. Namespaces\ \ that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: description: "Represents a vSphere volume resource." example: storagePolicyName: "storagePolicyName" storagePolicyID: "storagePolicyID" volumePath: "volumePath" fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"\ ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"\ ext4\" if unspecified." type: "string" storagePolicyID: description: "Storage Policy Based Management (SPBM) profile\ \ ID associated with the StoragePolicyName." type: "string" storagePolicyName: description: "Storage Policy Based Management (SPBM) profile\ \ name." type: "string" volumePath: description: "Path that identifies vSphere volume vmdk" type: "string" required: - "volumePath" type: "object" required: - "name" type: "object" type: "array" additionalVolumeMounts: description: "Additional volumeMounts to add to the HiveMQ Containers." items: description: "VolumeMount describes a mounting of a Volume within\ \ a container." example: mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" properties: mountPath: description: "Path within the container at which the volume\ \ should be mounted. Must not contain ':'." type: "string" mountPropagation: description: "mountPropagation determines how mounts are propagated\ \ from the host to container and the other way around. When\ \ not set, MountPropagationNone is used. This field is beta\ \ in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: description: "Mounted read-only if true, read-write otherwise\ \ (false or unspecified). Defaults to false." type: "boolean" subPath: description: "Path within the volume from which the container's\ \ volume should be mounted. Defaults to \"\" (volume's root)." type: "string" subPathExpr: description: "Expanded path within the volume from which the\ \ container's volume should be mounted. Behaves similarly\ \ to SubPath but environment variable references $(VAR_NAME)\ \ are expanded using the container's environment. Defaults\ \ to \"\" (volume's root). SubPathExpr and SubPath are mutually\ \ exclusive." type: "string" required: - "mountPath" - "name" type: "object" type: "array" topologySpreadConstraints: description: "TopologySpreadConstraints describes how a group of pods\ \ ought to spread across topology domains. Scheduler will schedule\ \ pods in a way which abides by the constraints. All topologySpreadConstraints\ \ are ANDed." items: description: "TopologySpreadConstraint specifies how to spread matching\ \ pods among the given topology." example: whenUnsatisfiable: "whenUnsatisfiable" maxSkew: 5 labelSelector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" topologyKey: "topologyKey" properties: labelSelector: description: "A label selector is a label query over a set of\ \ resources. The result of matchLabels and matchExpressions\ \ are ANDed. An empty label selector matches all objects.\ \ A null label selector matches no objects." example: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" properties: matchExpressions: description: "matchExpressions is a list of label selector\ \ requirements. The requirements are ANDed." items: description: "A label selector requirement is a selector\ \ that contains values, a key, and an operator that\ \ relates the key and values." example: values: - "values" - "values" key: "key" operator: "operator" properties: key: description: "key is the label key that the selector\ \ applies to." type: "string" operator: description: "operator represents a key's relationship\ \ to a set of values. Valid operators are In, NotIn,\ \ Exists and DoesNotExist." type: "string" values: description: "values is an array of string values.\ \ If the operator is In or NotIn, the values array\ \ must be non-empty. If the operator is Exists or\ \ DoesNotExist, the values array must be empty.\ \ This array is replaced during a strategic merge\ \ patch." items: type: "string" type: "array" required: - "key" - "operator" type: "object" type: "array" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs.\ \ A single {key,value} in the matchLabels map is equivalent\ \ to an element of matchExpressions, whose key field is\ \ \"key\", the operator is \"In\", and the values array\ \ contains only \"value\". The requirements are ANDed." type: "object" type: "object" maxSkew: description: "MaxSkew describes the degree to which pods may\ \ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,\ \ it is the maximum permitted difference between the number\ \ of matching pods in the target topology and the global minimum.\ \ For example, in a 3-zone cluster, MaxSkew is set to 1, and\ \ pods with the same labelSelector spread as 1/1/0: | zone1\ \ | zone2 | zone3 | | P | P | | - if MaxSkew\ \ is 1, incoming pod can only be scheduled to zone3 to become\ \ 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0)\ \ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming\ \ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,\ \ it is used to give higher precedence to topologies that\ \ satisfy it. It's a required field. Default value is 1 and\ \ 0 is not allowed." format: "int32" type: "integer" topologyKey: description: "TopologyKey is the key of node labels. Nodes that\ \ have a label with this key and identical values are considered\ \ to be in the same topology. We consider each \ \ as a \"bucket\", and try to put balanced number of pods\ \ into each bucket. It's a required field." type: "string" whenUnsatisfiable: description: "WhenUnsatisfiable indicates how to deal with a\ \ pod if it doesn't satisfy the spread constraint. - DoNotSchedule\ \ (default) tells the scheduler not to schedule it. - ScheduleAnyway\ \ tells the scheduler to schedule the pod in any location,\n\ \ but giving higher precedence to topologies that would help\ \ reduce the\n skew.\nA constraint is considered \"Unsatisfiable\"\ \ for an incoming pod if and only if every possible node assigment\ \ for that pod would violate \"MaxSkew\" on some topology.\ \ For example, in a 3-zone cluster, MaxSkew is set to 1, and\ \ pods with the same labelSelector spread as 3/1/1: | zone1\ \ | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable\ \ is set to DoNotSchedule, incoming pod can only be scheduled\ \ to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1)\ \ on zone2(zone3) satisfies MaxSkew(1). In other words, the\ \ cluster can still be imbalanced, but scheduler won't make\ \ it *more* imbalanced. It's a required field." type: "string" required: - "maxSkew" - "topologyKey" - "whenUnsatisfiable" type: "object" type: "array" volumeClaimTemplates: description: "Volume claim templates for the stateful set (if the\ \ controller is a STS)" items: description: "PersistentVolumeClaim is a user's request for and\ \ claim to a persistent volume" example: metadata: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" apiVersion: "apiVersion" kind: "kind" spec: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: apiVersion: description: "APIVersion defines the versioned schema of this\ \ representation of an object. Servers should convert recognized\ \ schemas to the latest internal value, and may reject unrecognized\ \ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: description: "Kind is a string value representing the REST resource\ \ this object represents. Servers may infer this from the\ \ endpoint the client submits requests to. Cannot be updated.\ \ In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: description: "ObjectMeta is metadata that all persisted resources\ \ must have, which includes all objects users must create." example: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" properties: annotations: additionalProperties: type: "string" description: "Annotations is an unstructured key value map\ \ stored with a resource that may be set by external tools\ \ to store and retrieve arbitrary metadata. They are not\ \ queryable and should be preserved when modifying objects.\ \ More info: http://kubernetes.io/docs/user-guide/annotations" type: "object" clusterName: description: "The name of the cluster which the object belongs\ \ to. This is used to distinguish resources with same\ \ name and namespace in different clusters. This field\ \ is not set anywhere right now and apiserver is going\ \ to ignore it if set in create or update request." type: "string" creationTimestamp: description: "CreationTimestamp is a timestamp representing\ \ the server time when this object was created. It is\ \ not guaranteed to be set in happens-before order across\ \ separate operations. Clients may not set this value.\ \ It is represented in RFC3339 form and is in UTC.\n\n\ Populated by the system. Read-only. Null for lists. More\ \ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" format: "date-time" type: "string" deletionGracePeriodSeconds: description: "Number of seconds allowed for this object\ \ to gracefully terminate before it will be removed from\ \ the system. Only set when deletionTimestamp is also\ \ set. May only be shortened. Read-only." format: "int64" type: "integer" deletionTimestamp: description: "DeletionTimestamp is RFC 3339 date and time\ \ at which this resource will be deleted. This field is\ \ set by the server when a graceful deletion is requested\ \ by the user, and is not directly settable by a client.\ \ The resource is expected to be deleted (no longer visible\ \ from resource lists, and not reachable by name) after\ \ the time in this field, once the finalizers list is\ \ empty. As long as the finalizers list contains items,\ \ deletion is blocked. Once the deletionTimestamp is set,\ \ this value may not be unset or be set further into the\ \ future, although it may be shortened or the resource\ \ may be deleted prior to this time. For example, a user\ \ may request that a pod is deleted in 30 seconds. The\ \ Kubelet will react by sending a graceful termination\ \ signal to the containers in the pod. After that 30 seconds,\ \ the Kubelet will send a hard termination signal (SIGKILL)\ \ to the container and after cleanup, remove the pod from\ \ the API. In the presence of network partitions, this\ \ object may still exist after this timestamp, until an\ \ administrator or automated process can determine the\ \ resource is fully terminated. If not set, graceful deletion\ \ of the object has not been requested.\n\nPopulated by\ \ the system when a graceful deletion is requested. Read-only.\ \ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" format: "date-time" type: "string" finalizers: description: "Must be empty before the object is deleted\ \ from the registry. Each entry is an identifier for the\ \ responsible component that will remove the entry from\ \ the list. If the deletionTimestamp of the object is\ \ non-nil, entries in this list can only be removed. Finalizers\ \ may be processed and removed in any order. Order is\ \ NOT enforced because it introduces significant risk\ \ of stuck finalizers. finalizers is a shared field, any\ \ actor with permission can reorder it. If the finalizer\ \ list is processed in order, then this can lead to a\ \ situation in which the component responsible for the\ \ first finalizer in the list is waiting for a signal\ \ (field value, external system, or other) produced by\ \ a component responsible for a finalizer later in the\ \ list, resulting in a deadlock. Without enforced ordering\ \ finalizers are free to order amongst themselves and\ \ are not vulnerable to ordering changes in the list." items: type: "string" type: "array" generateName: description: "GenerateName is an optional prefix, used by\ \ the server, to generate a unique name ONLY IF the Name\ \ field has not been provided. If this field is used,\ \ the name returned to the client will be different than\ \ the name passed. This value will also be combined with\ \ a unique suffix. The provided value has the same validation\ \ rules as the Name field, and may be truncated by the\ \ length of the suffix required to make the value unique\ \ on the server.\n\nIf this field is specified and the\ \ generated name exists, the server will NOT return a\ \ 409 - instead, it will either return 201 Created or\ \ 500 with Reason ServerTimeout indicating a unique name\ \ could not be found in the time allotted, and the client\ \ should retry (optionally after the time indicated in\ \ the Retry-After header).\n\nApplied only if Name is\ \ not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: "string" generation: description: "A sequence number representing a specific\ \ generation of the desired state. Populated by the system.\ \ Read-only." format: "int64" type: "integer" labels: additionalProperties: type: "string" description: "Map of string keys and values that can be\ \ used to organize and categorize (scope and select) objects.\ \ May match selectors of replication controllers and services.\ \ More info: http://kubernetes.io/docs/user-guide/labels" type: "object" managedFields: description: "ManagedFields maps workflow-id and version\ \ to the set of fields that are managed by that workflow.\ \ This is mostly for internal housekeeping, and users\ \ typically shouldn't need to set or understand this field.\ \ A workflow can be the user's name, a controller's name,\ \ or the name of a specific apply path like \"ci-cd\"\ . The set of fields is always in the version that the\ \ workflow used when modifying the object." items: description: "ManagedFieldsEntry is a workflow-id, a FieldSet\ \ and the group version of the resource that the fieldset\ \ applies to." example: apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" properties: apiVersion: description: "APIVersion defines the version of this\ \ resource that this field set applies to. The format\ \ is \"group/version\" just like the top-level APIVersion\ \ field. It is necessary to track the version of\ \ a field set because it cannot be automatically\ \ converted." type: "string" fieldsType: description: "FieldsType is the discriminator for\ \ the different fields format and version. There\ \ is currently only one possible value: \"FieldsV1\"" type: "string" fieldsV1: description: "FieldsV1 holds the first JSON version\ \ format as described in the \"FieldsV1\" type." type: "object" manager: description: "Manager is an identifier of the workflow\ \ managing these fields." type: "string" operation: description: "Operation is the type of operation which\ \ lead to this ManagedFieldsEntry being created.\ \ The only valid values for this field are 'Apply'\ \ and 'Update'." type: "string" time: description: "Time is timestamp of when these fields\ \ were set. It should always be empty if Operation\ \ is 'Apply'" format: "date-time" type: "string" type: "object" type: "array" name: description: "Name must be unique within a namespace. Is\ \ required when creating resources, although some resources\ \ may allow a client to request the generation of an appropriate\ \ name automatically. Name is primarily intended for creation\ \ idempotence and configuration definition. Cannot be\ \ updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" namespace: description: "Namespace defines the space within which each\ \ name must be unique. An empty namespace is equivalent\ \ to the \"default\" namespace, but \"default\" is the\ \ canonical representation. Not all objects are required\ \ to be scoped to a namespace - the value of this field\ \ for those objects will be empty.\n\nMust be a DNS_LABEL.\ \ Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" type: "string" ownerReferences: description: "List of objects depended by this object. If\ \ ALL objects in the list have been deleted, this object\ \ will be garbage collected. If this object is managed\ \ by a controller, then an entry in this list will point\ \ to this controller, with the controller field set to\ \ true. There cannot be more than one managing controller." items: description: "OwnerReference contains enough information\ \ to let you identify an owning object. An owning object\ \ must be in the same namespace as the dependent, or\ \ be cluster-scoped, so there is no namespace field." example: uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true properties: apiVersion: description: "API version of the referent." type: "string" blockOwnerDeletion: description: "If true, AND if the owner has the \"\ foregroundDeletion\" finalizer, then the owner cannot\ \ be deleted from the key-value store until this\ \ reference is removed. Defaults to false. To set\ \ this field, a user needs \"delete\" permission\ \ of the owner, otherwise 422 (Unprocessable Entity)\ \ will be returned." type: "boolean" controller: description: "If true, this reference points to the\ \ managing controller." type: "boolean" kind: description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: description: "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" uid: description: "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" type: "string" required: - "apiVersion" - "kind" - "name" - "uid" type: "object" type: "array" resourceVersion: description: "An opaque value that represents the internal\ \ version of this object that can be used by clients to\ \ determine when objects have changed. May be used for\ \ optimistic concurrency, change detection, and the watch\ \ operation on a resource or set of resources. Clients\ \ must treat these values as opaque and passed unmodified\ \ back to the server. They may only be valid for a particular\ \ resource or set of resources.\n\nPopulated by the system.\ \ Read-only. Value must be treated as opaque by clients\ \ and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" selfLink: description: "SelfLink is a URL representing this object.\ \ Populated by the system. Read-only.\n\nDEPRECATED Kubernetes\ \ will stop propagating this field in 1.20 release and\ \ the field is planned to be removed in 1.21 release." type: "string" uid: description: "UID is the unique in time and space value\ \ for this object. It is typically generated by the server\ \ on successful creation of a resource and is not allowed\ \ to change on PUT operations.\n\nPopulated by the system.\ \ Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" type: "string" type: "object" spec: description: "PersistentVolumeClaimSpec describes the common\ \ attributes of storage devices and allows a Source for provider-specific\ \ attributes" example: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: accessModes: description: "AccessModes contains the desired access modes\ \ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: description: "TypedLocalObjectReference contains enough\ \ information to let you locate the typed referenced object\ \ inside the same namespace." example: apiGroup: "apiGroup" kind: "kind" name: "name" properties: apiGroup: description: "APIGroup is the group for the resource\ \ being referenced. If APIGroup is not specified,\ \ the specified Kind must be in the core API group.\ \ For any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" type: "string" name: description: "Name is the name of resource being referenced" type: "string" required: - "kind" - "name" type: "object" resources: description: "ResourceRequirements describes the compute\ \ resource requirements." example: requests: {} limits: {} properties: limits: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and\ \ AsInt64() accessors.\n\nThe serialization format\ \ is:\n\n ::= \n\ \ (Note that may be empty, from the \"\ \" case in .)\n ::=\ \ 0 | 1 | ... | 9 ::= \ \ | ::= \ \ | . | . | . \ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | | \ \ ::= Ki | Mi | Gi | Ti | Pi |\ \ Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T |\ \ P | E\n (Note that 1024 = 1Ki but 1000 = 1k;\ \ I didn't choose the capitalization.)\n\ \ ::= \"e\" | \"E\" \n\ \nNo matter which of the three exponent forms is\ \ used, no quantity may represent a number greater\ \ than 2^63-1 in magnitude, nor may it have more\ \ than 3 decimal places. Numbers larger or more\ \ precise will be capped or rounded up. (E.g.: 0.1m\ \ will rounded up to 1m.) This may be extended in\ \ the future if we require larger or smaller quantities.\n\ \nWhen a Quantity is parsed from a string, it will\ \ remember the type of suffix it had, and will use\ \ the same type again when it is serialized.\n\n\ Before serializing, Quantity will be put in \"canonical\ \ form\". This means that Exponent/suffix will be\ \ adjusted up or down (with a corresponding increase\ \ or decrease in Mantissa) such that:\n a. No precision\ \ is lost\n b. No fractional digits will be emitted\n\ \ c. The exponent (or suffix) is as large as possible.\n\ The sign will be omitted unless the number is negative.\n\ \nExamples:\n 1.5 will be serialized as \"1500m\"\ \n 1.5Gi will be serialized as \"1536Mi\"\n\nNote\ \ that the quantity will NEVER be internally represented\ \ by a floating point number. That is the whole\ \ point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form.\ \ (So always use canonical form, or don't diff.)\n\ \nThis format is intended to make it difficult to\ \ use these numbers without writing some sort of\ \ special handling code in the hopes that that will\ \ cause implementors to also use a fixed point implementation." format: "quantity" type: "string" description: "Limits describes the maximum amount of\ \ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" requests: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and\ \ AsInt64() accessors.\n\nThe serialization format\ \ is:\n\n ::= \n\ \ (Note that may be empty, from the \"\ \" case in .)\n ::=\ \ 0 | 1 | ... | 9 ::= \ \ | ::= \ \ | . | . | . \ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | | \ \ ::= Ki | Mi | Gi | Ti | Pi |\ \ Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T |\ \ P | E\n (Note that 1024 = 1Ki but 1000 = 1k;\ \ I didn't choose the capitalization.)\n\ \ ::= \"e\" | \"E\" \n\ \nNo matter which of the three exponent forms is\ \ used, no quantity may represent a number greater\ \ than 2^63-1 in magnitude, nor may it have more\ \ than 3 decimal places. Numbers larger or more\ \ precise will be capped or rounded up. (E.g.: 0.1m\ \ will rounded up to 1m.) This may be extended in\ \ the future if we require larger or smaller quantities.\n\ \nWhen a Quantity is parsed from a string, it will\ \ remember the type of suffix it had, and will use\ \ the same type again when it is serialized.\n\n\ Before serializing, Quantity will be put in \"canonical\ \ form\". This means that Exponent/suffix will be\ \ adjusted up or down (with a corresponding increase\ \ or decrease in Mantissa) such that:\n a. No precision\ \ is lost\n b. No fractional digits will be emitted\n\ \ c. The exponent (or suffix) is as large as possible.\n\ The sign will be omitted unless the number is negative.\n\ \nExamples:\n 1.5 will be serialized as \"1500m\"\ \n 1.5Gi will be serialized as \"1536Mi\"\n\nNote\ \ that the quantity will NEVER be internally represented\ \ by a floating point number. That is the whole\ \ point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form.\ \ (So always use canonical form, or don't diff.)\n\ \nThis format is intended to make it difficult to\ \ use these numbers without writing some sort of\ \ special handling code in the hopes that that will\ \ cause implementors to also use a fixed point implementation." format: "quantity" type: "string" description: "Requests describes the minimum amount\ \ of compute resources required. If Requests is omitted\ \ for a container, it defaults to Limits if that is\ \ explicitly specified, otherwise to an implementation-defined\ \ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" type: "object" selector: description: "A label selector is a label query over a set\ \ of resources. The result of matchLabels and matchExpressions\ \ are ANDed. An empty label selector matches all objects.\ \ A null label selector matches no objects." example: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" properties: matchExpressions: description: "matchExpressions is a list of label selector\ \ requirements. The requirements are ANDed." items: description: "A label selector requirement is a selector\ \ that contains values, a key, and an operator that\ \ relates the key and values." example: values: - "values" - "values" key: "key" operator: "operator" properties: key: description: "key is the label key that the selector\ \ applies to." type: "string" operator: description: "operator represents a key's relationship\ \ to a set of values. Valid operators are In,\ \ NotIn, Exists and DoesNotExist." type: "string" values: description: "values is an array of string values.\ \ If the operator is In or NotIn, the values\ \ array must be non-empty. If the operator is\ \ Exists or DoesNotExist, the values array must\ \ be empty. This array is replaced during a\ \ strategic merge patch." items: type: "string" type: "array" required: - "key" - "operator" type: "object" type: "array" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs.\ \ A single {key,value} in the matchLabels map is equivalent\ \ to an element of matchExpressions, whose key field\ \ is \"key\", the operator is \"In\", and the values\ \ array contains only \"value\". The requirements\ \ are ANDed." type: "object" type: "object" storageClassName: description: "Name of the StorageClass required by the claim.\ \ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: description: "volumeMode defines what type of volume is\ \ required by the claim. Value of Filesystem is implied\ \ when not included in claim spec." type: "string" volumeName: description: "VolumeName is the binding reference to the\ \ PersistentVolume backing this claim." type: "string" type: "object" type: "object" type: "array" hivemqVersion: description: "Version of HiveMQ to deploy, when using the official\ \ image. When using a custom image, this corresponds to the image\ \ tag used." type: "string" javaOptions: description: "JAVA_OPTS to pass to the HiveMQ JVM" type: "string" configOverride: description: "Override the default template for the HiveMQ config.xml.\ \ Note that modifying this may lead to other fields in this schema\ \ not taking effect anymore." type: "string" listenerConfiguration: description: "The MQTT listener configuration below the \ \ tag. Add all your desired listeners here." type: "string" restApiConfiguration: description: "The REST API configuration. Ignored for versions <4.4.0" type: "string" logLevel: description: "HiveMQ root logger level. Only INFO and above is allowed\ \ for now." enum: - "INFO" - "DEBUG" - "TRACE" type: "string" labels: additionalProperties: type: "string" description: "Labels for the cluster" type: "object" sidecars: description: "Sidecar containers to run alongside HiveMQ" items: description: "A single application container that you want to run\ \ within a pod." example: volumeDevices: - devicePath: "devicePath" name: "name" - devicePath: "devicePath" name: "name" image: "image" imagePullPolicy: "imagePullPolicy" livenessProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" stdin: true terminationMessagePolicy: "terminationMessagePolicy" terminationMessagePath: "terminationMessagePath" workingDir: "workingDir" resources: requests: {} limits: {} securityContext: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true startupProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" env: - name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" ports: - protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 - protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 command: - "command" - "command" volumeMounts: - mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" - mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" args: - "args" - "args" lifecycle: postStart: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" preStop: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" name: "name" tty: true readinessProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" stdinOnce: true envFrom: - configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true - configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true properties: args: description: "Arguments to the entrypoint. The docker image's\ \ CMD is used if this is not provided. Variable references\ \ $(VAR_NAME) are expanded using the container's environment.\ \ If a variable cannot be resolved, the reference in the input\ \ string will be unchanged. The $(VAR_NAME) syntax can be\ \ escaped with a double $$, ie: $$(VAR_NAME). Escaped references\ \ will never be expanded, regardless of whether the variable\ \ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: description: "Entrypoint array. Not executed within a shell.\ \ The docker image's ENTRYPOINT is used if this is not provided.\ \ Variable references $(VAR_NAME) are expanded using the container's\ \ environment. If a variable cannot be resolved, the reference\ \ in the input string will be unchanged. The $(VAR_NAME) syntax\ \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ \ references will never be expanded, regardless of whether\ \ the variable exists or not. Cannot be updated. More info:\ \ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: description: "List of environment variables to set in the container.\ \ Cannot be updated." items: description: "EnvVar represents an environment variable present\ \ in a Container." example: name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: name: description: "Name of the environment variable. Must be\ \ a C_IDENTIFIER." type: "string" value: description: "Variable references $(VAR_NAME) are expanded\ \ using the previous defined environment variables in\ \ the container and any service environment variables.\ \ If a variable cannot be resolved, the reference in\ \ the input string will be unchanged. The $(VAR_NAME)\ \ syntax can be escaped with a double $$, ie: $$(VAR_NAME).\ \ Escaped references will never be expanded, regardless\ \ of whether the variable exists or not. Defaults to\ \ \"\"." type: "string" valueFrom: description: "EnvVarSource represents a source for the\ \ value of an EnvVar." example: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: configMapKeyRef: description: "Selects a key from a ConfigMap." example: name: "name" optional: true key: "key" properties: key: description: "The key to select." type: "string" name: description: "Name of the referent. More info:\ \ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or\ \ its key must be defined" type: "boolean" required: - "key" type: "object" fieldRef: description: "ObjectFieldSelector selects an APIVersioned\ \ field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the FieldPath\ \ is written in terms of, defaults to \"v1\"\ ." type: "string" fieldPath: description: "Path of the field to select in the\ \ specified API version." type: "string" required: - "fieldPath" type: "object" resourceFieldRef: description: "ResourceFieldSelector represents container\ \ resources (cpu, memory) and their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required for volumes,\ \ optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String()\ \ and AsInt64() accessors.\n\nThe serialization\ \ format is:\n\n ::= \n\ \ (Note that may be empty, from the\ \ \"\" case in .)\n \ \ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | .\ \ | . ::= \"+\" |\ \ \"-\" ::= | \ \ ::= | \ \ | ::= Ki | Mi\ \ | Gi | Ti | Pi | Ei\n (International System\ \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G |\ \ T | P | E\n (Note that 1024 = 1Ki but 1000\ \ = 1k; I didn't choose the capitalization.)\n\ ::= \"e\" |\ \ \"E\" \n\nNo matter which of\ \ the three exponent forms is used, no quantity\ \ may represent a number greater than 2^63-1\ \ in magnitude, nor may it have more than 3\ \ decimal places. Numbers larger or more precise\ \ will be capped or rounded up. (E.g.: 0.1m\ \ will rounded up to 1m.) This may be extended\ \ in the future if we require larger or smaller\ \ quantities.\n\nWhen a Quantity is parsed from\ \ a string, it will remember the type of suffix\ \ it had, and will use the same type again when\ \ it is serialized.\n\nBefore serializing, Quantity\ \ will be put in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted up or\ \ down (with a corresponding increase or decrease\ \ in Mantissa) such that:\n a. No precision\ \ is lost\n b. No fractional digits will be\ \ emitted\n c. The exponent (or suffix) is\ \ as large as possible.\nThe sign will be omitted\ \ unless the number is negative.\n\nExamples:\n\ \ 1.5 will be serialized as \"1500m\"\n 1.5Gi\ \ will be serialized as \"1536Mi\"\n\nNote that\ \ the quantity will NEVER be internally represented\ \ by a floating point number. That is the whole\ \ point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well\ \ formed, but will be re-emitted in their canonical\ \ form. (So always use canonical form, or don't\ \ diff.)\n\nThis format is intended to make\ \ it difficult to use these numbers without\ \ writing some sort of special handling code\ \ in the hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" secretKeyRef: description: "SecretKeySelector selects a key of a\ \ Secret." example: name: "name" optional: true key: "key" properties: key: description: "The key of the secret to select\ \ from. Must be a valid secret key." type: "string" name: description: "Name of the referent. More info:\ \ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its\ \ key must be defined" type: "boolean" required: - "key" type: "object" type: "object" required: - "name" type: "object" type: "array" envFrom: description: "List of sources to populate environment variables\ \ in the container. The keys defined within a source must\ \ be a C_IDENTIFIER. All invalid keys will be reported as\ \ an event when the container is starting. When a key exists\ \ in multiple sources, the value associated with the last\ \ source will take precedence. Values defined by an Env with\ \ a duplicate key will take precedence. Cannot be updated." items: description: "EnvFromSource represents the source of a set\ \ of ConfigMaps" example: configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true properties: configMapRef: description: "ConfigMapEnvSource selects a ConfigMap to\ \ populate the environment variables with.\n\nThe contents\ \ of the target ConfigMap's Data field will represent\ \ the key-value pairs as environment variables." example: name: "name" optional: true properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be\ \ defined" type: "boolean" type: "object" prefix: description: "An optional identifier to prepend to each\ \ key in the ConfigMap. Must be a C_IDENTIFIER." type: "string" secretRef: description: "SecretEnvSource selects a Secret to populate\ \ the environment variables with.\n\nThe contents of\ \ the target Secret's Data field will represent the\ \ key-value pairs as environment variables." example: name: "name" optional: true properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" type: "boolean" type: "object" type: "object" type: "array" image: description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images\ \ This field is optional to allow higher level config management\ \ to default or override container images in workload controllers\ \ like Deployments and StatefulSets." type: "string" imagePullPolicy: description: "Image pull policy. One of Always, Never, IfNotPresent.\ \ Defaults to Always if :latest tag is specified, or IfNotPresent\ \ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: description: "Lifecycle describes actions that the management\ \ system should take in response to container lifecycle events.\ \ For the PostStart and PreStop lifecycle handlers, management\ \ of the container blocks until the action is complete, unless\ \ the container process fails, in which case the handler is\ \ aborted." example: postStart: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" preStop: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: postStart: description: "Handler defines a specific action that should\ \ be taken" example: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory\ \ for the command is root ('/') in the container's\ \ filesystem. The command is simply exec'd, it\ \ is not run inside a shell, so traditional shell\ \ instructions ('|', etc) won't work. To use a\ \ shell, you need to explicitly call out to that\ \ shell. Exit status of 0 is treated as live/healthy\ \ and non-zero is unhealthy." items: type: "string" type: "array" type: "object" httpGet: description: "HTTPGetAction describes an action based\ \ on HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults\ \ to the pod IP. You probably want to set \"Host\"\ \ in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or\ \ YAML marshalling and unmarshalling, it produces\ \ or consumes the inner type. This allows you\ \ to have, for example, a JSON field that can\ \ accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the\ \ host. Defaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to,\ \ defaults to the pod IP." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or\ \ YAML marshalling and unmarshalling, it produces\ \ or consumes the inner type. This allows you\ \ to have, for example, a JSON field that can\ \ accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" type: "object" preStop: description: "Handler defines a specific action that should\ \ be taken" example: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory\ \ for the command is root ('/') in the container's\ \ filesystem. The command is simply exec'd, it\ \ is not run inside a shell, so traditional shell\ \ instructions ('|', etc) won't work. To use a\ \ shell, you need to explicitly call out to that\ \ shell. Exit status of 0 is treated as live/healthy\ \ and non-zero is unhealthy." items: type: "string" type: "array" type: "object" httpGet: description: "HTTPGetAction describes an action based\ \ on HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults\ \ to the pod IP. You probably want to set \"Host\"\ \ in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or\ \ YAML marshalling and unmarshalling, it produces\ \ or consumes the inner type. This allows you\ \ to have, for example, a JSON field that can\ \ accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the\ \ host. Defaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to,\ \ defaults to the pod IP." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or\ \ YAML marshalling and unmarshalling, it produces\ \ or consumes the inner type. This allows you\ \ to have, for example, a JSON field that can\ \ accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" type: "object" type: "object" livenessProbe: description: "Probe describes a health check to be performed\ \ against a container to determine whether it is alive or\ \ ready to receive traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's filesystem.\ \ The command is simply exec'd, it is not run inside\ \ a shell, so traditional shell instructions ('|',\ \ etc) won't work. To use a shell, you need to explicitly\ \ call out to that shell. Exit status of 0 is treated\ \ as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe\ \ to be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on\ \ HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has\ \ started before liveness probes are initiated. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More\ \ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: description: "Name of the container specified as a DNS_LABEL.\ \ Each container in a pod must have a unique name (DNS_LABEL).\ \ Cannot be updated." type: "string" ports: description: "List of ports to expose from the container. Exposing\ \ a port here gives the system additional information about\ \ the network connections a container uses, but is primarily\ \ informational. Not specifying a port here DOES NOT prevent\ \ that port from being exposed. Any port which is listening\ \ on the default \"0.0.0.0\" address inside a container will\ \ be accessible from the network. Cannot be updated." items: description: "ContainerPort represents a network port in a\ \ single container." example: protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 properties: containerPort: description: "Number of port to expose on the pod's IP\ \ address. This must be a valid port number, 0 < x <\ \ 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: description: "Number of port to expose on the host. If\ \ specified, this must be a valid port number, 0 < x\ \ < 65536. If HostNetwork is specified, this must match\ \ ContainerPort. Most containers do not need this." format: "int32" type: "integer" name: description: "If specified, this must be an IANA_SVC_NAME\ \ and unique within the pod. Each named port in a pod\ \ must have a unique name. Name for the port that can\ \ be referred to by services." type: "string" protocol: description: "Protocol for port. Must be UDP, TCP, or\ \ SCTP. Defaults to \"TCP\"." type: "string" required: - "containerPort" - "protocol" type: "object" type: "array" x-kubernetes-list-map-keys: - "containerPort" - "protocol" x-kubernetes-list-type: "map" readinessProbe: description: "Probe describes a health check to be performed\ \ against a container to determine whether it is alive or\ \ ready to receive traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's filesystem.\ \ The command is simply exec'd, it is not run inside\ \ a shell, so traditional shell instructions ('|',\ \ etc) won't work. To use a shell, you need to explicitly\ \ call out to that shell. Exit status of 0 is treated\ \ as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe\ \ to be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on\ \ HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has\ \ started before liveness probes are initiated. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More\ \ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" resources: description: "ResourceRequirements describes the compute resource\ \ requirements." example: requests: {} limits: {} properties: limits: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P |\ \ E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n ::=\ \ \"e\" | \"E\" \n\nNo\ \ matter which of the three exponent forms is used,\ \ no quantity may represent a number greater than 2^63-1\ \ in magnitude, nor may it have more than 3 decimal\ \ places. Numbers larger or more precise will be capped\ \ or rounded up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if we require larger\ \ or smaller quantities.\n\nWhen a Quantity is parsed\ \ from a string, it will remember the type of suffix\ \ it had, and will use the same type again when it is\ \ serialized.\n\nBefore serializing, Quantity will be\ \ put in \"canonical form\". This means that Exponent/suffix\ \ will be adjusted up or down (with a corresponding\ \ increase or decrease in Mantissa) such that:\n a.\ \ No precision is lost\n b. No fractional digits will\ \ be emitted\n c. The exponent (or suffix) is as large\ \ as possible.\nThe sign will be omitted unless the\ \ number is negative.\n\nExamples:\n 1.5 will be serialized\ \ as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\ \n\nNote that the quantity will NEVER be internally\ \ represented by a floating point number. That is the\ \ whole point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult to use these\ \ numbers without writing some sort of special handling\ \ code in the hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" description: "Limits describes the maximum amount of compute\ \ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" requests: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P |\ \ E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n ::=\ \ \"e\" | \"E\" \n\nNo\ \ matter which of the three exponent forms is used,\ \ no quantity may represent a number greater than 2^63-1\ \ in magnitude, nor may it have more than 3 decimal\ \ places. Numbers larger or more precise will be capped\ \ or rounded up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if we require larger\ \ or smaller quantities.\n\nWhen a Quantity is parsed\ \ from a string, it will remember the type of suffix\ \ it had, and will use the same type again when it is\ \ serialized.\n\nBefore serializing, Quantity will be\ \ put in \"canonical form\". This means that Exponent/suffix\ \ will be adjusted up or down (with a corresponding\ \ increase or decrease in Mantissa) such that:\n a.\ \ No precision is lost\n b. No fractional digits will\ \ be emitted\n c. The exponent (or suffix) is as large\ \ as possible.\nThe sign will be omitted unless the\ \ number is negative.\n\nExamples:\n 1.5 will be serialized\ \ as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\ \n\nNote that the quantity will NEVER be internally\ \ represented by a floating point number. That is the\ \ whole point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult to use these\ \ numbers without writing some sort of special handling\ \ code in the hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" description: "Requests describes the minimum amount of compute\ \ resources required. If Requests is omitted for a container,\ \ it defaults to Limits if that is explicitly specified,\ \ otherwise to an implementation-defined value. More info:\ \ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" type: "object" securityContext: description: "SecurityContext holds security configuration that\ \ will be applied to a container. Some fields are present\ \ in both SecurityContext and PodSecurityContext. When both\ \ are set, the values in SecurityContext take precedence." example: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true properties: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether\ \ a process can gain more privileges than its parent process.\ \ This bool directly controls if the no_new_privs flag\ \ will be set on the container process. AllowPrivilegeEscalation\ \ is true always when the container is: 1) run as Privileged\ \ 2) has CAP_SYS_ADMIN" type: "boolean" capabilities: description: "Adds and removes POSIX capabilities from running\ \ containers." example: add: - "add" - "add" drop: - "drop" - "drop" properties: add: description: "Added capabilities" items: type: "string" type: "array" drop: description: "Removed capabilities" items: type: "string" type: "array" type: "object" privileged: description: "Run container in privileged mode. Processes\ \ in privileged containers are essentially equivalent\ \ to root on the host. Defaults to false." type: "boolean" procMount: description: "procMount denotes the type of proc mount to\ \ use for the containers. The default is DefaultProcMount\ \ which uses the container runtime defaults for readonly\ \ paths and masked paths. This requires the ProcMountType\ \ feature flag to be enabled." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root\ \ filesystem. Default is false." type: "boolean" runAsGroup: description: "The GID to run the entrypoint of the container\ \ process. Uses runtime default if unset. May also be\ \ set in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." format: "int64" type: "integer" runAsNonRoot: description: "Indicates that the container must run as a\ \ non-root user. If true, the Kubelet will validate the\ \ image at runtime to ensure that it does not run as UID\ \ 0 (root) and fail to start the container if it does.\ \ If unset or false, no such validation will be performed.\ \ May also be set in PodSecurityContext. If set in both\ \ SecurityContext and PodSecurityContext, the value specified\ \ in SecurityContext takes precedence." type: "boolean" runAsUser: description: "The UID to run the entrypoint of the container\ \ process. Defaults to user specified in image metadata\ \ if unspecified. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext,\ \ the value specified in SecurityContext takes precedence." format: "int64" type: "integer" seLinuxOptions: description: "SELinuxOptions are the labels to be applied\ \ to the container" example: role: "role" level: "level" type: "type" user: "user" properties: level: description: "Level is SELinux level label that applies\ \ to the container." type: "string" role: description: "Role is a SELinux role label that applies\ \ to the container." type: "string" type: description: "Type is a SELinux type label that applies\ \ to the container." type: "string" user: description: "User is a SELinux user label that applies\ \ to the container." type: "string" type: "object" seccompProfile: description: "SeccompProfile defines a pod/container's seccomp\ \ profile settings. Only one profile source may be set." example: localhostProfile: "localhostProfile" type: "type" properties: localhostProfile: description: "localhostProfile indicates a profile defined\ \ in a file on the node should be used. The profile\ \ must be preconfigured on the node to work. Must\ \ be a descending path, relative to the kubelet's\ \ configured seccomp profile location. Must only be\ \ set if type is \"Localhost\"." type: "string" type: description: "type indicates which kind of seccomp profile\ \ will be applied. Valid options are:\n\nLocalhost\ \ - a profile defined in a file on the node should\ \ be used. RuntimeDefault - the container runtime\ \ default profile should be used. Unconfined - no\ \ profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: description: "WindowsSecurityContextOptions contain Windows-specific\ \ options and credentials." example: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" properties: gmsaCredentialSpec: description: "GMSACredentialSpec is where the GMSA admission\ \ webhook (https://github.com/kubernetes-sigs/windows-gmsa)\ \ inlines the contents of the GMSA credential spec\ \ named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of\ \ the GMSA credential spec to use." type: "string" runAsUserName: description: "The UserName in Windows to run the entrypoint\ \ of the container process. Defaults to the user specified\ \ in image metadata if unspecified. May also be set\ \ in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." type: "string" type: "object" type: "object" startupProbe: description: "Probe describes a health check to be performed\ \ against a container to determine whether it is alive or\ \ ready to receive traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's filesystem.\ \ The command is simply exec'd, it is not run inside\ \ a shell, so traditional shell instructions ('|',\ \ etc) won't work. To use a shell, you need to explicitly\ \ call out to that shell. Exit status of 0 is treated\ \ as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe\ \ to be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on\ \ HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has\ \ started before liveness probes are initiated. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More\ \ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: description: "Whether this container should allocate a buffer\ \ for stdin in the container runtime. If this is not set,\ \ reads from stdin in the container will always result in\ \ EOF. Default is false." type: "boolean" stdinOnce: description: "Whether the container runtime should close the\ \ stdin channel after it has been opened by a single attach.\ \ When stdin is true the stdin stream will remain open across\ \ multiple attach sessions. If stdinOnce is set to true, stdin\ \ is opened on container start, is empty until the first client\ \ attaches to stdin, and then remains open and accepts data\ \ until the client disconnects, at which time stdin is closed\ \ and remains closed until the container is restarted. If\ \ this flag is false, a container processes that reads from\ \ stdin will never receive an EOF. Default is false" type: "boolean" terminationMessagePath: description: "Optional: Path at which the file to which the\ \ container's termination message will be written is mounted\ \ into the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure message.\ \ Will be truncated by the node if greater than 4096 bytes.\ \ The total message length across all containers will be limited\ \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." type: "string" terminationMessagePolicy: description: "Indicate how the termination message should be\ \ populated. File will use the contents of terminationMessagePath\ \ to populate the container status message on both success\ \ and failure. FallbackToLogsOnError will use the last chunk\ \ of container log output if the termination message file\ \ is empty and the container exited with an error. The log\ \ output is limited to 2048 bytes or 80 lines, whichever is\ \ smaller. Defaults to File. Cannot be updated." type: "string" tty: description: "Whether this container should allocate a TTY for\ \ itself, also requires 'stdin' to be true. Default is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to\ \ be used by the container." items: description: "volumeDevice describes a mapping of a raw block\ \ device within a container." example: devicePath: "devicePath" name: "name" properties: devicePath: description: "devicePath is the path inside of the container\ \ that the device will be mapped to." type: "string" name: description: "name must match the name of a persistentVolumeClaim\ \ in the pod" type: "string" required: - "devicePath" - "name" type: "object" type: "array" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\ \ Cannot be updated." items: description: "VolumeMount describes a mounting of a Volume\ \ within a container." example: mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" properties: mountPath: description: "Path within the container at which the volume\ \ should be mounted. Must not contain ':'." type: "string" mountPropagation: description: "mountPropagation determines how mounts are\ \ propagated from the host to container and the other\ \ way around. When not set, MountPropagationNone is\ \ used. This field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: description: "Mounted read-only if true, read-write otherwise\ \ (false or unspecified). Defaults to false." type: "boolean" subPath: description: "Path within the volume from which the container's\ \ volume should be mounted. Defaults to \"\" (volume's\ \ root)." type: "string" subPathExpr: description: "Expanded path within the volume from which\ \ the container's volume should be mounted. Behaves\ \ similarly to SubPath but environment variable references\ \ $(VAR_NAME) are expanded using the container's environment.\ \ Defaults to \"\" (volume's root). SubPathExpr and\ \ SubPath are mutually exclusive." type: "string" required: - "mountPath" - "name" type: "object" type: "array" workingDir: description: "Container's working directory. If not specified,\ \ the container runtime's default will be used, which might\ \ be configured in the container image. Cannot be updated." type: "string" required: - "name" type: "object" type: "array" env: description: "Additional environment variables for the cluster" items: description: "EnvVar represents an environment variable present\ \ in a Container." example: name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: name: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: description: "Variable references $(VAR_NAME) are expanded using\ \ the previous defined environment variables in the container\ \ and any service environment variables. If a variable cannot\ \ be resolved, the reference in the input string will be unchanged.\ \ The $(VAR_NAME) syntax can be escaped with a double $$,\ \ ie: $$(VAR_NAME). Escaped references will never be expanded,\ \ regardless of whether the variable exists or not. Defaults\ \ to \"\"." type: "string" valueFrom: description: "EnvVarSource represents a source for the value\ \ of an EnvVar." example: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: configMapKeyRef: description: "Selects a key from a ConfigMap." example: name: "name" optional: true key: "key" properties: key: description: "The key to select." type: "string" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key\ \ must be defined" type: "boolean" required: - "key" type: "object" fieldRef: description: "ObjectFieldSelector selects an APIVersioned\ \ field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the FieldPath is\ \ written in terms of, defaults to \"v1\"." type: "string" fieldPath: description: "Path of the field to select in the specified\ \ API version." type: "string" required: - "fieldPath" type: "object" resourceFieldRef: description: "ResourceFieldSelector represents container\ \ resources (cpu, memory) and their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required for volumes,\ \ optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that\ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | .\ \ | . ::= \"+\" | \"-\"\ \ ::= | \ \ ::= | \ \ | ::= Ki | Mi | Gi\ \ | Ti | Pi | Ei\n (International System of units;\ \ See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P\ \ | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n ::=\ \ \"e\" | \"E\" \n\n\ No matter which of the three exponent forms is used,\ \ no quantity may represent a number greater than\ \ 2^63-1 in magnitude, nor may it have more than 3\ \ decimal places. Numbers larger or more precise will\ \ be capped or rounded up. (E.g.: 0.1m will rounded\ \ up to 1m.) This may be extended in the future if\ \ we require larger or smaller quantities.\n\nWhen\ \ a Quantity is parsed from a string, it will remember\ \ the type of suffix it had, and will use the same\ \ type again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\". This\ \ means that Exponent/suffix will be adjusted up or\ \ down (with a corresponding increase or decrease\ \ in Mantissa) such that:\n a. No precision is lost\n\ \ b. No fractional digits will be emitted\n c. The\ \ exponent (or suffix) is as large as possible.\n\ The sign will be omitted unless the number is negative.\n\ \nExamples:\n 1.5 will be serialized as \"1500m\"\ \n 1.5Gi will be serialized as \"1536Mi\"\n\nNote\ \ that the quantity will NEVER be internally represented\ \ by a floating point number. That is the whole point\ \ of this exercise.\n\nNon-canonical values will still\ \ parse as long as they are well formed, but will\ \ be re-emitted in their canonical form. (So always\ \ use canonical form, or don't diff.)\n\nThis format\ \ is intended to make it difficult to use these numbers\ \ without writing some sort of special handling code\ \ in the hopes that that will cause implementors to\ \ also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" secretKeyRef: description: "SecretKeySelector selects a key of a Secret." example: name: "name" optional: true key: "key" properties: key: description: "The key of the secret to select from.\ \ Must be a valid secret key." type: "string" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key\ \ must be defined" type: "boolean" required: - "key" type: "object" type: "object" required: - "name" type: "object" type: "array" configMaps: description: "Hot-reloadable config map or statically mapped configuration" items: properties: name: type: "string" path: description: "Target path at which to mount/place this configuration.\ \ Can be 'none' to only define as volume, to use the ConfigMap\ \ for sidecars." type: "string" static: description: "Whether this configuration must lead to a restart\ \ of the broker (true) or can be re-loaded at run-time (false)" type: "boolean" required: - "name" - "path" type: "object" type: "array" extensions: description: "Description of all extensions and their (desired) states" items: properties: name: description: "Unique, descriptive name for the extension folder" type: "string" enabled: description: "Whether this extension should be enabled" type: "boolean" configMap: description: "ConfigMap that contains configuration files for\ \ this extension" type: "string" static: description: "Whether configuration changes should lead to a\ \ rolling disable/enable instead of hot-reload" type: "boolean" extensionUri: description: "HTTP URI to download the extension from (as .zip\ \ distribution). Set to 'preinstalled' if the extension to\ \ be managed is statically built into the container." type: "string" offline: description: "Whether the individual HiveMQ nodes being updated\ \ with a new extension version should be taken offline (i.e.\ \ removed from load-balancers) during the update" type: "boolean" initialization: description: "Initialization script to run when installing this\ \ extension. This will be executed with the working directory\ \ as the extension folder. Must be idempotent as it will be\ \ run on every update as well." type: "string" updateStrategy: description: "In what manner to perform extension updates" enum: - "serial" - "parallel" type: "string" required: - "name" type: "object" type: "array" podSecurityContext: description: "PodSecurityContext holds pod-level security attributes\ \ and common container settings. Some fields are also present in\ \ container.securityContext. Field values of container.securityContext\ \ take precedence over field values of PodSecurityContext." example: runAsUser: 6 seLinuxOptions: role: "role" level: "level" type: "type" user: "user" fsGroup: 1 seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" fsGroupChangePolicy: "fsGroupChangePolicy" supplementalGroups: - 7 - 7 runAsGroup: 1 runAsNonRoot: true sysctls: - name: "name" value: "value" - name: "name" value: "value" properties: fsGroup: description: "A special supplemental group that applies to all\ \ containers in a pod. Some volume types allow the Kubelet to\ \ change the ownership of that volume to be owned by the pod:\n\ \n1. The owning GID will be the FSGroup 2. The setgid bit is\ \ set (new files created in the volume will be owned by FSGroup)\ \ 3. The permission bits are OR'd with rw-rw----\n\nIf unset,\ \ the Kubelet will not modify the ownership and permissions\ \ of any volume." format: "int64" type: "integer" fsGroupChangePolicy: description: "fsGroupChangePolicy defines behavior of changing\ \ ownership and permission of the volume before being exposed\ \ inside Pod. This field will only apply to volume types which\ \ support fsGroup based ownership(and permissions). It will\ \ have no effect on ephemeral volume types such as: secret,\ \ configmaps and emptydir. Valid values are \"OnRootMismatch\"\ \ and \"Always\". If not specified defaults to \"Always\"." type: "string" runAsGroup: description: "The GID to run the entrypoint of the container process.\ \ Uses runtime default if unset. May also be set in SecurityContext.\ \ If set in both SecurityContext and PodSecurityContext, the\ \ value specified in SecurityContext takes precedence for that\ \ container." format: "int64" type: "integer" runAsNonRoot: description: "Indicates that the container must run as a non-root\ \ user. If true, the Kubelet will validate the image at runtime\ \ to ensure that it does not run as UID 0 (root) and fail to\ \ start the container if it does. If unset or false, no such\ \ validation will be performed. May also be set in SecurityContext.\ \ If set in both SecurityContext and PodSecurityContext, the\ \ value specified in SecurityContext takes precedence." type: "boolean" runAsUser: description: "The UID to run the entrypoint of the container process.\ \ Defaults to user specified in image metadata if unspecified.\ \ May also be set in SecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence for that container." format: "int64" type: "integer" seLinuxOptions: description: "SELinuxOptions are the labels to be applied to the\ \ container" example: role: "role" level: "level" type: "type" user: "user" properties: level: description: "Level is SELinux level label that applies to\ \ the container." type: "string" role: description: "Role is a SELinux role label that applies to\ \ the container." type: "string" type: description: "Type is a SELinux type label that applies to\ \ the container." type: "string" user: description: "User is a SELinux user label that applies to\ \ the container." type: "string" type: "object" seccompProfile: description: "SeccompProfile defines a pod/container's seccomp\ \ profile settings. Only one profile source may be set." example: localhostProfile: "localhostProfile" type: "type" properties: localhostProfile: description: "localhostProfile indicates a profile defined\ \ in a file on the node should be used. The profile must\ \ be preconfigured on the node to work. Must be a descending\ \ path, relative to the kubelet's configured seccomp profile\ \ location. Must only be set if type is \"Localhost\"." type: "string" type: description: "type indicates which kind of seccomp profile\ \ will be applied. Valid options are:\n\nLocalhost - a profile\ \ defined in a file on the node should be used. RuntimeDefault\ \ - the container runtime default profile should be used.\ \ Unconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: description: "A list of groups applied to the first process run\ \ in each container, in addition to the container's primary\ \ GID. If unspecified, no groups will be added to any container." items: format: "int64" type: "integer" type: "array" sysctls: description: "Sysctls hold a list of namespaced sysctls used for\ \ the pod. Pods with unsupported sysctls (by the container runtime)\ \ might fail to launch." items: description: "Sysctl defines a kernel parameter to be set" example: name: "name" value: "value" properties: name: description: "Name of a property to set" type: "string" value: description: "Value of a property to set" type: "string" required: - "name" - "value" type: "object" type: "array" windowsOptions: description: "WindowsSecurityContextOptions contain Windows-specific\ \ options and credentials." example: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" properties: gmsaCredentialSpec: description: "GMSACredentialSpec is where the GMSA admission\ \ webhook (https://github.com/kubernetes-sigs/windows-gmsa)\ \ inlines the contents of the GMSA credential spec named\ \ by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA\ \ credential spec to use." type: "string" runAsUserName: description: "The UserName in Windows to run the entrypoint\ \ of the container process. Defaults to the user specified\ \ in image metadata if unspecified. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext,\ \ the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" containerSecurityContext: description: "The security context to apply to the hivemq container\ \ + static init containers used in the deployment template." example: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true properties: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process\ \ can gain more privileges than its parent process. This bool\ \ directly controls if the no_new_privs flag will be set on\ \ the container process. AllowPrivilegeEscalation is true always\ \ when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN" type: "boolean" capabilities: description: "Adds and removes POSIX capabilities from running\ \ containers." example: add: - "add" - "add" drop: - "drop" - "drop" properties: add: description: "Added capabilities" items: type: "string" type: "array" drop: description: "Removed capabilities" items: type: "string" type: "array" type: "object" privileged: description: "Run container in privileged mode. Processes in privileged\ \ containers are essentially equivalent to root on the host.\ \ Defaults to false." type: "boolean" procMount: description: "procMount denotes the type of proc mount to use\ \ for the containers. The default is DefaultProcMount which\ \ uses the container runtime defaults for readonly paths and\ \ masked paths. This requires the ProcMountType feature flag\ \ to be enabled." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\ \ Default is false." type: "boolean" runAsGroup: description: "The GID to run the entrypoint of the container process.\ \ Uses runtime default if unset. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext, the\ \ value specified in SecurityContext takes precedence." format: "int64" type: "integer" runAsNonRoot: description: "Indicates that the container must run as a non-root\ \ user. If true, the Kubelet will validate the image at runtime\ \ to ensure that it does not run as UID 0 (root) and fail to\ \ start the container if it does. If unset or false, no such\ \ validation will be performed. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext, the\ \ value specified in SecurityContext takes precedence." type: "boolean" runAsUser: description: "The UID to run the entrypoint of the container process.\ \ Defaults to user specified in image metadata if unspecified.\ \ May also be set in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." format: "int64" type: "integer" seLinuxOptions: description: "SELinuxOptions are the labels to be applied to the\ \ container" example: role: "role" level: "level" type: "type" user: "user" properties: level: description: "Level is SELinux level label that applies to\ \ the container." type: "string" role: description: "Role is a SELinux role label that applies to\ \ the container." type: "string" type: description: "Type is a SELinux type label that applies to\ \ the container." type: "string" user: description: "User is a SELinux user label that applies to\ \ the container." type: "string" type: "object" seccompProfile: description: "SeccompProfile defines a pod/container's seccomp\ \ profile settings. Only one profile source may be set." example: localhostProfile: "localhostProfile" type: "type" properties: localhostProfile: description: "localhostProfile indicates a profile defined\ \ in a file on the node should be used. The profile must\ \ be preconfigured on the node to work. Must be a descending\ \ path, relative to the kubelet's configured seccomp profile\ \ location. Must only be set if type is \"Localhost\"." type: "string" type: description: "type indicates which kind of seccomp profile\ \ will be applied. Valid options are:\n\nLocalhost - a profile\ \ defined in a file on the node should be used. RuntimeDefault\ \ - the container runtime default profile should be used.\ \ Unconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: description: "WindowsSecurityContextOptions contain Windows-specific\ \ options and credentials." example: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" properties: gmsaCredentialSpec: description: "GMSACredentialSpec is where the GMSA admission\ \ webhook (https://github.com/kubernetes-sigs/windows-gmsa)\ \ inlines the contents of the GMSA credential spec named\ \ by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA\ \ credential spec to use." type: "string" runAsUserName: description: "The UserName in Windows to run the entrypoint\ \ of the container process. Defaults to the user specified\ \ in image metadata if unspecified. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext,\ \ the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" initContainers: description: "Init containers to run before starting HiveMQ" items: description: "A single application container that you want to run\ \ within a pod." example: volumeDevices: - devicePath: "devicePath" name: "name" - devicePath: "devicePath" name: "name" image: "image" imagePullPolicy: "imagePullPolicy" livenessProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" stdin: true terminationMessagePolicy: "terminationMessagePolicy" terminationMessagePath: "terminationMessagePath" workingDir: "workingDir" resources: requests: {} limits: {} securityContext: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true startupProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" env: - name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" ports: - protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 - protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 command: - "command" - "command" volumeMounts: - mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" - mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" args: - "args" - "args" lifecycle: postStart: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" preStop: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" name: "name" tty: true readinessProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" stdinOnce: true envFrom: - configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true - configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true properties: args: description: "Arguments to the entrypoint. The docker image's\ \ CMD is used if this is not provided. Variable references\ \ $(VAR_NAME) are expanded using the container's environment.\ \ If a variable cannot be resolved, the reference in the input\ \ string will be unchanged. The $(VAR_NAME) syntax can be\ \ escaped with a double $$, ie: $$(VAR_NAME). Escaped references\ \ will never be expanded, regardless of whether the variable\ \ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: description: "Entrypoint array. Not executed within a shell.\ \ The docker image's ENTRYPOINT is used if this is not provided.\ \ Variable references $(VAR_NAME) are expanded using the container's\ \ environment. If a variable cannot be resolved, the reference\ \ in the input string will be unchanged. The $(VAR_NAME) syntax\ \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ \ references will never be expanded, regardless of whether\ \ the variable exists or not. Cannot be updated. More info:\ \ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: description: "List of environment variables to set in the container.\ \ Cannot be updated." items: description: "EnvVar represents an environment variable present\ \ in a Container." example: name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: name: description: "Name of the environment variable. Must be\ \ a C_IDENTIFIER." type: "string" value: description: "Variable references $(VAR_NAME) are expanded\ \ using the previous defined environment variables in\ \ the container and any service environment variables.\ \ If a variable cannot be resolved, the reference in\ \ the input string will be unchanged. The $(VAR_NAME)\ \ syntax can be escaped with a double $$, ie: $$(VAR_NAME).\ \ Escaped references will never be expanded, regardless\ \ of whether the variable exists or not. Defaults to\ \ \"\"." type: "string" valueFrom: description: "EnvVarSource represents a source for the\ \ value of an EnvVar." example: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: configMapKeyRef: description: "Selects a key from a ConfigMap." example: name: "name" optional: true key: "key" properties: key: description: "The key to select." type: "string" name: description: "Name of the referent. More info:\ \ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or\ \ its key must be defined" type: "boolean" required: - "key" type: "object" fieldRef: description: "ObjectFieldSelector selects an APIVersioned\ \ field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the FieldPath\ \ is written in terms of, defaults to \"v1\"\ ." type: "string" fieldPath: description: "Path of the field to select in the\ \ specified API version." type: "string" required: - "fieldPath" type: "object" resourceFieldRef: description: "ResourceFieldSelector represents container\ \ resources (cpu, memory) and their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required for volumes,\ \ optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String()\ \ and AsInt64() accessors.\n\nThe serialization\ \ format is:\n\n ::= \n\ \ (Note that may be empty, from the\ \ \"\" case in .)\n \ \ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | .\ \ | . ::= \"+\" |\ \ \"-\" ::= | \ \ ::= | \ \ | ::= Ki | Mi\ \ | Gi | Ti | Pi | Ei\n (International System\ \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G |\ \ T | P | E\n (Note that 1024 = 1Ki but 1000\ \ = 1k; I didn't choose the capitalization.)\n\ ::= \"e\" |\ \ \"E\" \n\nNo matter which of\ \ the three exponent forms is used, no quantity\ \ may represent a number greater than 2^63-1\ \ in magnitude, nor may it have more than 3\ \ decimal places. Numbers larger or more precise\ \ will be capped or rounded up. (E.g.: 0.1m\ \ will rounded up to 1m.) This may be extended\ \ in the future if we require larger or smaller\ \ quantities.\n\nWhen a Quantity is parsed from\ \ a string, it will remember the type of suffix\ \ it had, and will use the same type again when\ \ it is serialized.\n\nBefore serializing, Quantity\ \ will be put in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted up or\ \ down (with a corresponding increase or decrease\ \ in Mantissa) such that:\n a. No precision\ \ is lost\n b. No fractional digits will be\ \ emitted\n c. The exponent (or suffix) is\ \ as large as possible.\nThe sign will be omitted\ \ unless the number is negative.\n\nExamples:\n\ \ 1.5 will be serialized as \"1500m\"\n 1.5Gi\ \ will be serialized as \"1536Mi\"\n\nNote that\ \ the quantity will NEVER be internally represented\ \ by a floating point number. That is the whole\ \ point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well\ \ formed, but will be re-emitted in their canonical\ \ form. (So always use canonical form, or don't\ \ diff.)\n\nThis format is intended to make\ \ it difficult to use these numbers without\ \ writing some sort of special handling code\ \ in the hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" secretKeyRef: description: "SecretKeySelector selects a key of a\ \ Secret." example: name: "name" optional: true key: "key" properties: key: description: "The key of the secret to select\ \ from. Must be a valid secret key." type: "string" name: description: "Name of the referent. More info:\ \ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its\ \ key must be defined" type: "boolean" required: - "key" type: "object" type: "object" required: - "name" type: "object" type: "array" envFrom: description: "List of sources to populate environment variables\ \ in the container. The keys defined within a source must\ \ be a C_IDENTIFIER. All invalid keys will be reported as\ \ an event when the container is starting. When a key exists\ \ in multiple sources, the value associated with the last\ \ source will take precedence. Values defined by an Env with\ \ a duplicate key will take precedence. Cannot be updated." items: description: "EnvFromSource represents the source of a set\ \ of ConfigMaps" example: configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true properties: configMapRef: description: "ConfigMapEnvSource selects a ConfigMap to\ \ populate the environment variables with.\n\nThe contents\ \ of the target ConfigMap's Data field will represent\ \ the key-value pairs as environment variables." example: name: "name" optional: true properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be\ \ defined" type: "boolean" type: "object" prefix: description: "An optional identifier to prepend to each\ \ key in the ConfigMap. Must be a C_IDENTIFIER." type: "string" secretRef: description: "SecretEnvSource selects a Secret to populate\ \ the environment variables with.\n\nThe contents of\ \ the target Secret's Data field will represent the\ \ key-value pairs as environment variables." example: name: "name" optional: true properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" type: "boolean" type: "object" type: "object" type: "array" image: description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images\ \ This field is optional to allow higher level config management\ \ to default or override container images in workload controllers\ \ like Deployments and StatefulSets." type: "string" imagePullPolicy: description: "Image pull policy. One of Always, Never, IfNotPresent.\ \ Defaults to Always if :latest tag is specified, or IfNotPresent\ \ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: description: "Lifecycle describes actions that the management\ \ system should take in response to container lifecycle events.\ \ For the PostStart and PreStop lifecycle handlers, management\ \ of the container blocks until the action is complete, unless\ \ the container process fails, in which case the handler is\ \ aborted." example: postStart: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" preStop: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: postStart: description: "Handler defines a specific action that should\ \ be taken" example: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory\ \ for the command is root ('/') in the container's\ \ filesystem. The command is simply exec'd, it\ \ is not run inside a shell, so traditional shell\ \ instructions ('|', etc) won't work. To use a\ \ shell, you need to explicitly call out to that\ \ shell. Exit status of 0 is treated as live/healthy\ \ and non-zero is unhealthy." items: type: "string" type: "array" type: "object" httpGet: description: "HTTPGetAction describes an action based\ \ on HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults\ \ to the pod IP. You probably want to set \"Host\"\ \ in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or\ \ YAML marshalling and unmarshalling, it produces\ \ or consumes the inner type. This allows you\ \ to have, for example, a JSON field that can\ \ accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the\ \ host. Defaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to,\ \ defaults to the pod IP." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or\ \ YAML marshalling and unmarshalling, it produces\ \ or consumes the inner type. This allows you\ \ to have, for example, a JSON field that can\ \ accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" type: "object" preStop: description: "Handler defines a specific action that should\ \ be taken" example: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory\ \ for the command is root ('/') in the container's\ \ filesystem. The command is simply exec'd, it\ \ is not run inside a shell, so traditional shell\ \ instructions ('|', etc) won't work. To use a\ \ shell, you need to explicitly call out to that\ \ shell. Exit status of 0 is treated as live/healthy\ \ and non-zero is unhealthy." items: type: "string" type: "array" type: "object" httpGet: description: "HTTPGetAction describes an action based\ \ on HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults\ \ to the pod IP. You probably want to set \"Host\"\ \ in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or\ \ YAML marshalling and unmarshalling, it produces\ \ or consumes the inner type. This allows you\ \ to have, for example, a JSON field that can\ \ accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the\ \ host. Defaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to,\ \ defaults to the pod IP." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or\ \ YAML marshalling and unmarshalling, it produces\ \ or consumes the inner type. This allows you\ \ to have, for example, a JSON field that can\ \ accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" type: "object" type: "object" livenessProbe: description: "Probe describes a health check to be performed\ \ against a container to determine whether it is alive or\ \ ready to receive traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's filesystem.\ \ The command is simply exec'd, it is not run inside\ \ a shell, so traditional shell instructions ('|',\ \ etc) won't work. To use a shell, you need to explicitly\ \ call out to that shell. Exit status of 0 is treated\ \ as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe\ \ to be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on\ \ HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has\ \ started before liveness probes are initiated. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More\ \ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: description: "Name of the container specified as a DNS_LABEL.\ \ Each container in a pod must have a unique name (DNS_LABEL).\ \ Cannot be updated." type: "string" ports: description: "List of ports to expose from the container. Exposing\ \ a port here gives the system additional information about\ \ the network connections a container uses, but is primarily\ \ informational. Not specifying a port here DOES NOT prevent\ \ that port from being exposed. Any port which is listening\ \ on the default \"0.0.0.0\" address inside a container will\ \ be accessible from the network. Cannot be updated." items: description: "ContainerPort represents a network port in a\ \ single container." example: protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 properties: containerPort: description: "Number of port to expose on the pod's IP\ \ address. This must be a valid port number, 0 < x <\ \ 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: description: "Number of port to expose on the host. If\ \ specified, this must be a valid port number, 0 < x\ \ < 65536. If HostNetwork is specified, this must match\ \ ContainerPort. Most containers do not need this." format: "int32" type: "integer" name: description: "If specified, this must be an IANA_SVC_NAME\ \ and unique within the pod. Each named port in a pod\ \ must have a unique name. Name for the port that can\ \ be referred to by services." type: "string" protocol: description: "Protocol for port. Must be UDP, TCP, or\ \ SCTP. Defaults to \"TCP\"." type: "string" required: - "containerPort" - "protocol" type: "object" type: "array" x-kubernetes-list-map-keys: - "containerPort" - "protocol" x-kubernetes-list-type: "map" readinessProbe: description: "Probe describes a health check to be performed\ \ against a container to determine whether it is alive or\ \ ready to receive traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's filesystem.\ \ The command is simply exec'd, it is not run inside\ \ a shell, so traditional shell instructions ('|',\ \ etc) won't work. To use a shell, you need to explicitly\ \ call out to that shell. Exit status of 0 is treated\ \ as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe\ \ to be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on\ \ HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has\ \ started before liveness probes are initiated. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More\ \ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" resources: description: "ResourceRequirements describes the compute resource\ \ requirements." example: requests: {} limits: {} properties: limits: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P |\ \ E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n ::=\ \ \"e\" | \"E\" \n\nNo\ \ matter which of the three exponent forms is used,\ \ no quantity may represent a number greater than 2^63-1\ \ in magnitude, nor may it have more than 3 decimal\ \ places. Numbers larger or more precise will be capped\ \ or rounded up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if we require larger\ \ or smaller quantities.\n\nWhen a Quantity is parsed\ \ from a string, it will remember the type of suffix\ \ it had, and will use the same type again when it is\ \ serialized.\n\nBefore serializing, Quantity will be\ \ put in \"canonical form\". This means that Exponent/suffix\ \ will be adjusted up or down (with a corresponding\ \ increase or decrease in Mantissa) such that:\n a.\ \ No precision is lost\n b. No fractional digits will\ \ be emitted\n c. The exponent (or suffix) is as large\ \ as possible.\nThe sign will be omitted unless the\ \ number is negative.\n\nExamples:\n 1.5 will be serialized\ \ as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\ \n\nNote that the quantity will NEVER be internally\ \ represented by a floating point number. That is the\ \ whole point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult to use these\ \ numbers without writing some sort of special handling\ \ code in the hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" description: "Limits describes the maximum amount of compute\ \ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" requests: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P |\ \ E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n ::=\ \ \"e\" | \"E\" \n\nNo\ \ matter which of the three exponent forms is used,\ \ no quantity may represent a number greater than 2^63-1\ \ in magnitude, nor may it have more than 3 decimal\ \ places. Numbers larger or more precise will be capped\ \ or rounded up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if we require larger\ \ or smaller quantities.\n\nWhen a Quantity is parsed\ \ from a string, it will remember the type of suffix\ \ it had, and will use the same type again when it is\ \ serialized.\n\nBefore serializing, Quantity will be\ \ put in \"canonical form\". This means that Exponent/suffix\ \ will be adjusted up or down (with a corresponding\ \ increase or decrease in Mantissa) such that:\n a.\ \ No precision is lost\n b. No fractional digits will\ \ be emitted\n c. The exponent (or suffix) is as large\ \ as possible.\nThe sign will be omitted unless the\ \ number is negative.\n\nExamples:\n 1.5 will be serialized\ \ as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\ \n\nNote that the quantity will NEVER be internally\ \ represented by a floating point number. That is the\ \ whole point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult to use these\ \ numbers without writing some sort of special handling\ \ code in the hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" description: "Requests describes the minimum amount of compute\ \ resources required. If Requests is omitted for a container,\ \ it defaults to Limits if that is explicitly specified,\ \ otherwise to an implementation-defined value. More info:\ \ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" type: "object" securityContext: description: "SecurityContext holds security configuration that\ \ will be applied to a container. Some fields are present\ \ in both SecurityContext and PodSecurityContext. When both\ \ are set, the values in SecurityContext take precedence." example: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true properties: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether\ \ a process can gain more privileges than its parent process.\ \ This bool directly controls if the no_new_privs flag\ \ will be set on the container process. AllowPrivilegeEscalation\ \ is true always when the container is: 1) run as Privileged\ \ 2) has CAP_SYS_ADMIN" type: "boolean" capabilities: description: "Adds and removes POSIX capabilities from running\ \ containers." example: add: - "add" - "add" drop: - "drop" - "drop" properties: add: description: "Added capabilities" items: type: "string" type: "array" drop: description: "Removed capabilities" items: type: "string" type: "array" type: "object" privileged: description: "Run container in privileged mode. Processes\ \ in privileged containers are essentially equivalent\ \ to root on the host. Defaults to false." type: "boolean" procMount: description: "procMount denotes the type of proc mount to\ \ use for the containers. The default is DefaultProcMount\ \ which uses the container runtime defaults for readonly\ \ paths and masked paths. This requires the ProcMountType\ \ feature flag to be enabled." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root\ \ filesystem. Default is false." type: "boolean" runAsGroup: description: "The GID to run the entrypoint of the container\ \ process. Uses runtime default if unset. May also be\ \ set in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." format: "int64" type: "integer" runAsNonRoot: description: "Indicates that the container must run as a\ \ non-root user. If true, the Kubelet will validate the\ \ image at runtime to ensure that it does not run as UID\ \ 0 (root) and fail to start the container if it does.\ \ If unset or false, no such validation will be performed.\ \ May also be set in PodSecurityContext. If set in both\ \ SecurityContext and PodSecurityContext, the value specified\ \ in SecurityContext takes precedence." type: "boolean" runAsUser: description: "The UID to run the entrypoint of the container\ \ process. Defaults to user specified in image metadata\ \ if unspecified. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext,\ \ the value specified in SecurityContext takes precedence." format: "int64" type: "integer" seLinuxOptions: description: "SELinuxOptions are the labels to be applied\ \ to the container" example: role: "role" level: "level" type: "type" user: "user" properties: level: description: "Level is SELinux level label that applies\ \ to the container." type: "string" role: description: "Role is a SELinux role label that applies\ \ to the container." type: "string" type: description: "Type is a SELinux type label that applies\ \ to the container." type: "string" user: description: "User is a SELinux user label that applies\ \ to the container." type: "string" type: "object" seccompProfile: description: "SeccompProfile defines a pod/container's seccomp\ \ profile settings. Only one profile source may be set." example: localhostProfile: "localhostProfile" type: "type" properties: localhostProfile: description: "localhostProfile indicates a profile defined\ \ in a file on the node should be used. The profile\ \ must be preconfigured on the node to work. Must\ \ be a descending path, relative to the kubelet's\ \ configured seccomp profile location. Must only be\ \ set if type is \"Localhost\"." type: "string" type: description: "type indicates which kind of seccomp profile\ \ will be applied. Valid options are:\n\nLocalhost\ \ - a profile defined in a file on the node should\ \ be used. RuntimeDefault - the container runtime\ \ default profile should be used. Unconfined - no\ \ profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: description: "WindowsSecurityContextOptions contain Windows-specific\ \ options and credentials." example: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" properties: gmsaCredentialSpec: description: "GMSACredentialSpec is where the GMSA admission\ \ webhook (https://github.com/kubernetes-sigs/windows-gmsa)\ \ inlines the contents of the GMSA credential spec\ \ named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of\ \ the GMSA credential spec to use." type: "string" runAsUserName: description: "The UserName in Windows to run the entrypoint\ \ of the container process. Defaults to the user specified\ \ in image metadata if unspecified. May also be set\ \ in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." type: "string" type: "object" type: "object" startupProbe: description: "Probe describes a health check to be performed\ \ against a container to determine whether it is alive or\ \ ready to receive traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's filesystem.\ \ The command is simply exec'd, it is not run inside\ \ a shell, so traditional shell instructions ('|',\ \ etc) won't work. To use a shell, you need to explicitly\ \ call out to that shell. Exit status of 0 is treated\ \ as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe\ \ to be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on\ \ HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has\ \ started before liveness probes are initiated. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an\ \ int32 or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More\ \ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: description: "Whether this container should allocate a buffer\ \ for stdin in the container runtime. If this is not set,\ \ reads from stdin in the container will always result in\ \ EOF. Default is false." type: "boolean" stdinOnce: description: "Whether the container runtime should close the\ \ stdin channel after it has been opened by a single attach.\ \ When stdin is true the stdin stream will remain open across\ \ multiple attach sessions. If stdinOnce is set to true, stdin\ \ is opened on container start, is empty until the first client\ \ attaches to stdin, and then remains open and accepts data\ \ until the client disconnects, at which time stdin is closed\ \ and remains closed until the container is restarted. If\ \ this flag is false, a container processes that reads from\ \ stdin will never receive an EOF. Default is false" type: "boolean" terminationMessagePath: description: "Optional: Path at which the file to which the\ \ container's termination message will be written is mounted\ \ into the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure message.\ \ Will be truncated by the node if greater than 4096 bytes.\ \ The total message length across all containers will be limited\ \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." type: "string" terminationMessagePolicy: description: "Indicate how the termination message should be\ \ populated. File will use the contents of terminationMessagePath\ \ to populate the container status message on both success\ \ and failure. FallbackToLogsOnError will use the last chunk\ \ of container log output if the termination message file\ \ is empty and the container exited with an error. The log\ \ output is limited to 2048 bytes or 80 lines, whichever is\ \ smaller. Defaults to File. Cannot be updated." type: "string" tty: description: "Whether this container should allocate a TTY for\ \ itself, also requires 'stdin' to be true. Default is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to\ \ be used by the container." items: description: "volumeDevice describes a mapping of a raw block\ \ device within a container." example: devicePath: "devicePath" name: "name" properties: devicePath: description: "devicePath is the path inside of the container\ \ that the device will be mapped to." type: "string" name: description: "name must match the name of a persistentVolumeClaim\ \ in the pod" type: "string" required: - "devicePath" - "name" type: "object" type: "array" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\ \ Cannot be updated." items: description: "VolumeMount describes a mounting of a Volume\ \ within a container." example: mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" properties: mountPath: description: "Path within the container at which the volume\ \ should be mounted. Must not contain ':'." type: "string" mountPropagation: description: "mountPropagation determines how mounts are\ \ propagated from the host to container and the other\ \ way around. When not set, MountPropagationNone is\ \ used. This field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: description: "Mounted read-only if true, read-write otherwise\ \ (false or unspecified). Defaults to false." type: "boolean" subPath: description: "Path within the volume from which the container's\ \ volume should be mounted. Defaults to \"\" (volume's\ \ root)." type: "string" subPathExpr: description: "Expanded path within the volume from which\ \ the container's volume should be mounted. Behaves\ \ similarly to SubPath but environment variable references\ \ $(VAR_NAME) are expanded using the container's environment.\ \ Defaults to \"\" (volume's root). SubPathExpr and\ \ SubPath are mutually exclusive." type: "string" required: - "mountPath" - "name" type: "object" type: "array" workingDir: description: "Container's working directory. If not specified,\ \ the container runtime's default will be used, which might\ \ be configured in the container image. Cannot be updated." type: "string" required: - "name" type: "object" type: "array" initialization: description: "Initialization routines to run before starting HiveMQ" items: properties: name: type: "string" image: description: "Container to run the commands in, might be ignored\ \ on some platforms" type: "string" command: items: type: "string" type: "array" args: items: type: "string" type: "array" required: - "name" type: "object" type: "array" initDnsWaitImage: description: "Optional custom image/mirror to use for the HiveMQ dns\ \ wait container" type: "string" initBusyboxImage: description: "Optional custom image/mirror to use for the init busybox\ \ container" type: "string" affinity: description: "Specify a PodAffinity object. Must be specified as a\ \ scalar string for now." type: "string" ports: description: "List of ports to map for each cluster node. MQTT, control\ \ center and cluster port are required and set by default." items: properties: name: description: "Name of the port, for use in templating" type: "string" port: description: "Port to map" maximum: 65535.0 minimum: 1.0 type: "integer" expose: description: "Create a Service for this port" type: "boolean" patch: description: "JSON patches to apply to service manifests before\ \ applying them, only applies if expose is true." items: type: "string" type: "array" required: - "name" - "port" type: "object" type: "array" clusterReplicaCount: description: "Number of replicas to store in total" minimum: 1.0 type: "integer" clusterOverloadProtection: type: "boolean" restrictions: properties: maxClientIdLength: type: "integer" maxTopicLength: type: "integer" maxConnections: minimum: -1.0 type: "integer" incomingBandwidthThrottling: minimum: 0.0 type: "integer" noConnectIdleTimeout: type: "integer" type: "object" mqtt: properties: sessionExpiryInterval: minimum: 0.0 type: "integer" messageExpiryMaxInterval: minimum: 0.0 type: "integer" maxPacketSize: type: "integer" serverReceiveMaximum: type: "integer" keepaliveMax: type: "integer" keepaliveAllowUnlimited: type: "boolean" topicAliasEnabled: type: "boolean" topicAliasMaxPerClient: type: "integer" subscriptionIdentifierEnabled: type: "boolean" wildcardSubscriptionEnabled: type: "boolean" sharedSubscriptionEnabled: type: "boolean" retainedMessagesEnabled: type: "boolean" maxQos: maximum: 2.0 minimum: 0.0 type: "integer" queuedMessagesMaxQueueSize: minimum: 0.0 type: "integer" queuedMessageStrategy: enum: - "discard" - "discard-oldest" type: "string" type: "object" monitoring: properties: enablePrometheus: description: "Enable the prometheus extension and attempt to integrate\ \ with prometheus-operator" type: "boolean" scrapeInterval: description: "When enabled, specifies the Prometheus scrape interval\ \ for the resulting target in go duration syntax" type: "string" type: "object" security: properties: allowEmptyClientId: type: "boolean" payloadFormatValidation: type: "boolean" topicFormatValidation: type: "boolean" allowRequestProblemInformation: type: "boolean" controlCenterAuditLogEnabled: type: "boolean" type: "object" dnsSuffix: description: "Cluster domain suffix to use for DNS discovery, default\ \ if not set: svc.cluster.local." type: "string" controllerTemplate: description: "Advanced: Template file to use for rendering the controller\ \ that will spawn the HiveMQ pods. The template files are stored\ \ on the operator container at /templates and can be overridden\ \ via configMap." type: "string" serviceAccountName: description: "Service account to assign to the pods in the template" type: "string" secrets: description: "Secrets to mount onto the HiveMQ container" items: properties: name: description: "Name of the secret to be mounted" type: "string" path: description: "Path to mount the files to" type: "string" required: - "name" - "path" type: "object" type: "array" customProperties: additionalProperties: type: "string" description: "Additional arbitrary properties for this cluster, to\ \ be used in custom controller templates." type: "object" type: "object" status: description: "A HiveMQ deployment's status description" properties: state: description: "The current state of the deployment, indicating if updates\ \ are in progress, have failed, or the state was degraded" enum: - "Running" - "Updating" - "Creating" - "Pending" - "Failed" - "Degraded" - "Deleting" type: "string" message: description: "Human readable message describing the current state\ \ of the cluster or action being performed" type: "string" portStatus: description: "The public addresses of generated LoadBalancer services" items: properties: port: description: "Exposed port on the given service" maximum: 65535.0 minimum: 1.0 type: "integer" address: type: "string" name: description: "Name of the port in the original mapping" type: "string" type: "object" type: "array" warnings: description: "Warning messages regarding configuration errors" items: type: "string" type: "array" conditions: description: "The conditions of the cluster at any given time, as\ \ implemented by all Kubernetes resources" items: properties: type: description: "Identifier for the condition, add new conditions\ \ for life cycles here" enum: - "AllNodesReady" - "AllExtensionsLoaded" - "AllServicesReady" - "LogLevelApplied" type: "string" lastTransitionTime: description: "Last state transition time in RFC3339, UTC time" pattern: "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\\ .[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$" type: "string" status: description: "current status of the condition" type: "string" reason: description: "Reason for the last state transition" type: "string" type: "object" type: "array" previousState: description: "The previous state of this cluster, for building diffs\ \ and determining the current cluster state" type: "string" extensionState: description: "Description of all extensions and their (desired) states" items: properties: name: description: "Unique, descriptive name for the extension folder" type: "string" enabled: description: "Whether this extension should be enabled" type: "boolean" configMap: description: "ConfigMap that contains configuration files for\ \ this extension" type: "string" static: description: "Whether configuration changes should lead to a\ \ rolling disable/enable instead of hot-reload" type: "boolean" extensionUri: description: "HTTP URI to download the extension from (as .zip\ \ distribution). Set to 'preinstalled' if the extension to\ \ be managed is statically built into the container." type: "string" offline: description: "Whether the individual HiveMQ nodes being updated\ \ with a new extension version should be taken offline (i.e.\ \ removed from load-balancers) during the update" type: "boolean" initialization: description: "Initialization script to run when installing this\ \ extension. This will be executed with the working directory\ \ as the extension folder. Must be idempotent as it will be\ \ run on every update as well." type: "string" updateStrategy: description: "In what manner to perform extension updates" enum: - "serial" - "parallel" type: "string" required: - "name" type: "object" type: "array" surgeStatus: description: "Only used if the underlying controller type is StatefulSet:\ \ indicates whether a surge update is in progress, and what state\ \ it is in." enum: - "SURGE_IN_PROGRESS" - "READY" type: "string" required: - "state" - "message" type: "object" metadata: type: "object" required: - "spec" type: "object" served: true storage: true subresources: scale: specReplicasPath: ".spec.nodeCount" statusReplicasPath: ".status.scale" status: {}