--- apiVersion: "apiextensions.k8s.io/v1beta1" kind: "CustomResourceDefinition" metadata: name: "hivemq-clusters.hivemq.com" spec: additionalPrinterColumns: - JSONPath: ".spec.nodeCount" description: "HiveMQ cluster size" name: "size" type: "integer" - JSONPath: ".spec.image" description: "Image" name: "image" type: "string" - JSONPath: ".spec.hivemqVersion" description: "Version/Tag" name: "version" type: "string" - JSONPath: ".status.state" description: "Current Status" name: "status" type: "string" - JSONPath: ".status.portStatus[0].address" description: "MQTT endpoint" name: "endpoint" type: "string" - JSONPath: ".status.message" description: "Latest (detailed) status message" name: "message" type: "string" group: "hivemq.com" names: kind: "HiveMQCluster" plural: "hivemq-clusters" shortNames: - "hmqc" singular: "hivemq-cluster" preserveUnknownFields: false scope: "Namespaced" subresources: scale: specReplicasPath: ".spec.nodeCount" statusReplicasPath: ".status.scale" status: {} validation: openAPIV3Schema: description: "A HiveMQ cluster configuration" properties: spec: description: "A HiveMQ deployment's general parameters" properties: nodeCount: description: "Number of HiveMQ instances to spawn" minimum: 1.0 type: "integer" cpu: type: "string" memory: description: "Memory to request in total for a single node" type: "string" ephemeralStorage: description: "Total storage amount for a single node" type: "string" cpuLimitRatio: description: "Ratio for the CPU upper limit (>=1)" type: "number" memoryLimitRatio: description: "Ratio for the memory upper limit (>=1)" type: "number" ephemeralStorageLimitRatio: description: "Ratio for the ephemeral storage upper limit (>=1)" type: "number" image: description: "Image to use for the broker. Note that you must specify\ \ the tag to the image separately in the hivemqVersion field." type: "string" imagePullPolicy: description: "When to pull the image" type: "string" imagePullSecrets: description: "Image pull secrets to be used in the deployment to pull\ \ the HiveMQ container" items: type: "string" type: "array" operatorHints: description: "Hints that the operator will use to parameterize its internal\ \ business logic." properties: statefulSet: description: "Properties that are only relevant when deploying a\ \ StatefulSet" properties: surgeNode: description: "In order to be compliant with HiveMQ's recommended\ \ update strategy, the operator will start an additional node\ \ with the new configuration prior to running a rolling upgrade.\ \ Use this flag to disable this strategy at your own risk,\ \ in case you can't schedule an additional HiveMQ node." type: "boolean" surgeNodeCleanupPvc: description: "After finishing a rolling upgrade, the operator\ \ will delete the PersistentVolumeClaim for the added node.\ \ This is useful for AvailabilityZone bound volume providers\ \ such as EBS." type: "boolean" type: "object" type: "object" podLabels: additionalProperties: type: "string" description: "Additional labels to apply to the HiveMQ Pod template" type: "object" podAnnotations: additionalProperties: type: "string" description: "Additional annotations to add to the HiveMQ Pod template" type: "object" nodeSelector: additionalProperties: type: "string" description: "NodeSelector terms to add to the HiveMQ Pod template" type: "object" priorityClassName: description: "If specified, indicates the pod's priority. \"system-node-critical\"\ \ and \"system-cluster-critical\" are two special keywords which indicate\ \ the highest priorities with the former being the highest priority.\ \ Any other name must be defined by creating a PriorityClass object\ \ with that name. If not specified, the pod priority will be default\ \ or zero if there is no default." type: "string" runtimeClassName: description: "RuntimeClassName refers to a RuntimeClass object in the\ \ node.k8s.io group, which should be used to run this pod. If no RuntimeClass\ \ resource matches the named class, the pod will not be run. If unset\ \ or empty, the \"legacy\" RuntimeClass will be used, which is an\ \ implicit class with an empty definition that uses the default runtime\ \ handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md\ \ This is a beta feature as of Kubernetes v1.14." type: "string" tolerations: description: "Tolerations to apply to the HiveMQ Pods." items: description: "The pod this Toleration is attached to tolerates any\ \ taint that matches the triple using the matching\ \ operator ." example: effect: "effect" tolerationSeconds: 4 value: "value" key: "key" operator: "operator" properties: effect: description: "Effect indicates the taint effect to match. Empty\ \ means match all taint effects. When specified, allowed values\ \ are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: description: "Key is the taint key that the toleration applies\ \ to. Empty means match all taint keys. If the key is empty,\ \ operator must be Exists; this combination means to match all\ \ values and all keys." type: "string" operator: description: "Operator represents a key's relationship to the\ \ value. Valid operators are Exists and Equal. Defaults to Equal.\ \ Exists is equivalent to wildcard for value, so that a pod\ \ can tolerate all taints of a particular category." type: "string" tolerationSeconds: description: "TolerationSeconds represents the period of time\ \ the toleration (which must be of effect NoExecute, otherwise\ \ this field is ignored) tolerates the taint. By default, it\ \ is not set, which means tolerate the taint forever (do not\ \ evict). Zero and negative values will be treated as 0 (evict\ \ immediately) by the system." format: "int64" type: "integer" value: description: "Value is the taint value the toleration matches\ \ to. If the operator is Exists, the value should be empty,\ \ otherwise just a regular string." type: "string" type: "object" type: "array" additionalVolumes: description: "Additional volumes to add to the HiveMQ Pods." items: description: "Volume represents a named volume in a pod that may be\ \ accessed by any container in the pod." example: quobyte: volume: "volume" registry: "registry" readOnly: true user: "user" tenant: "tenant" group: "group" azureFile: secretName: "secretName" readOnly: true shareName: "shareName" flexVolume: driver: "driver" options: key: "options" secretRef: name: "name" readOnly: true fsType: "fsType" ephemeral: readOnly: true volumeClaimTemplate: metadata: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" spec: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" secret: secretName: "secretName" defaultMode: 6 optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" projected: sources: - downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 - downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 defaultMode: 1 cephfs: path: "path" secretRef: name: "name" secretFile: "secretFile" readOnly: true user: "user" monitors: - "monitors" - "monitors" scaleIO: system: "system" protectionDomain: "protectionDomain" sslEnabled: true storageMode: "storageMode" volumeName: "volumeName" secretRef: name: "name" readOnly: true fsType: "fsType" storagePool: "storagePool" gateway: "gateway" emptyDir: sizeLimit: "sizeLimit" medium: "medium" glusterfs: path: "path" endpoints: "endpoints" readOnly: true gcePersistentDisk: partition: 3 readOnly: true pdName: "pdName" fsType: "fsType" photonPersistentDisk: pdID: "pdID" fsType: "fsType" azureDisk: diskName: "diskName" kind: "kind" readOnly: true cachingMode: "cachingMode" diskURI: "diskURI" fsType: "fsType" cinder: secretRef: name: "name" volumeID: "volumeID" readOnly: true fsType: "fsType" downwardAPI: defaultMode: 8 items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" awsElasticBlockStore: partition: 9 volumeID: "volumeID" readOnly: true fsType: "fsType" flocker: datasetName: "datasetName" datasetUUID: "datasetUUID" iscsi: chapAuthSession: true iscsiInterface: "iscsiInterface" lun: 6 chapAuthDiscovery: true iqn: "iqn" portals: - "portals" - "portals" secretRef: name: "name" initiatorName: "initiatorName" readOnly: true fsType: "fsType" targetPortal: "targetPortal" rbd: image: "image" pool: "pool" secretRef: name: "name" readOnly: true fsType: "fsType" keyring: "keyring" user: "user" monitors: - "monitors" - "monitors" configMap: defaultMode: 9 name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" storageos: volumeNamespace: "volumeNamespace" volumeName: "volumeName" secretRef: name: "name" readOnly: true fsType: "fsType" csi: driver: "driver" nodePublishSecretRef: name: "name" readOnly: true fsType: "fsType" volumeAttributes: key: "volumeAttributes" name: "name" nfs: path: "path" server: "server" readOnly: true persistentVolumeClaim: claimName: "claimName" readOnly: true gitRepo: repository: "repository" directory: "directory" revision: "revision" portworxVolume: volumeID: "volumeID" readOnly: true fsType: "fsType" vsphereVolume: storagePolicyName: "storagePolicyName" storagePolicyID: "storagePolicyID" volumePath: "volumePath" fsType: "fsType" fc: lun: 6 targetWWNs: - "targetWWNs" - "targetWWNs" readOnly: true wwids: - "wwids" - "wwids" fsType: "fsType" hostPath: path: "path" type: "type" properties: awsElasticBlockStore: description: "Represents a Persistent Disk resource in AWS.\n\n\ An AWS EBS disk must exist before mounting to a container. The\ \ disk must also be in the same AWS zone as the kubelet. An\ \ AWS EBS disk can only be mounted as read/write once. AWS EBS\ \ volumes support ownership management and SELinux relabeling." example: partition: 9 volumeID: "volumeID" readOnly: true fsType: "fsType" properties: fsType: description: "Filesystem type of the volume that you want\ \ to mount. Tip: Ensure that the filesystem type is supported\ \ by the host operating system. Examples: \"ext4\", \"xfs\"\ , \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\ \ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "The partition in the volume that you want to\ \ mount. If omitted, the default is to mount by volume name.\ \ Examples: For volume /dev/sda1, you specify the partition\ \ as \"1\". Similarly, the volume partition for /dev/sda\ \ is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: description: "Specify \"true\" to force and set the ReadOnly\ \ property in VolumeMounts to \"true\". If omitted, the\ \ default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: description: "Unique ID of the persistent disk resource in\ \ AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" type: "object" azureDisk: description: "AzureDisk represents an Azure Data Disk mount on\ \ the host and bind mount to the pod." example: diskName: "diskName" kind: "kind" readOnly: true cachingMode: "cachingMode" diskURI: "diskURI" fsType: "fsType" properties: cachingMode: description: "Host Caching mode: None, Read Only, Read Write." type: "string" diskName: description: "The Name of the data disk in the blob storage" type: "string" diskURI: description: "The URI the data disk in the blob storage" type: "string" fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"ext4\"\ , \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\"\ \ if unspecified." type: "string" kind: description: "Expected values Shared: multiple blob disks\ \ per storage account Dedicated: single blob disk per storage\ \ account Managed: azure managed data disk (only in managed\ \ availability set). defaults to shared" type: "string" readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" - "diskURI" type: "object" azureFile: description: "AzureFile represents an Azure File Service mount\ \ on the host and bind mount to the pod." example: secretName: "secretName" readOnly: true shareName: "shareName" properties: readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" secretName: description: "the name of secret that contains Azure Storage\ \ Account Name and Key" type: "string" shareName: description: "Share Name" type: "string" required: - "secretName" - "shareName" type: "object" cephfs: description: "Represents a Ceph Filesystem mount that lasts the\ \ lifetime of a pod Cephfs volumes do not support ownership\ \ management or SELinux relabeling." example: path: "path" secretRef: name: "name" secretFile: "secretFile" readOnly: true user: "user" monitors: - "monitors" - "monitors" properties: monitors: description: "Required: Monitors is a collection of Ceph monitors\ \ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" path: description: "Optional: Used as the mounted root, rather than\ \ the full Ceph tree, default is /" type: "string" readOnly: description: "Optional: Defaults to false (read/write). ReadOnly\ \ here will force the ReadOnly setting in VolumeMounts.\ \ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: description: "Optional: SecretFile is the path to key ring\ \ for User, default is /etc/ceph/user.secret More info:\ \ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" user: description: "Optional: User is the rados user name, default\ \ is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: description: "Represents a cinder volume resource in Openstack.\ \ A Cinder volume must exist before mounting to a container.\ \ The volume must also be in the same region as the kubelet.\ \ Cinder volumes support ownership management and SELinux relabeling." example: secretRef: name: "name" volumeID: "volumeID" readOnly: true fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Examples:\ \ \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be\ \ \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: description: "Optional: Defaults to false (read/write). ReadOnly\ \ here will force the ReadOnly setting in VolumeMounts.\ \ More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" volumeID: description: "volume id used to identify the volume in cinder.\ \ More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" type: "object" configMap: description: "Adapts a ConfigMap into a volume.\n\nThe contents\ \ of the target ConfigMap's Data field will be presented in\ \ a volume as files using the keys in the Data field as the\ \ file names, unless the items element is populated with specific\ \ mappings of keys to paths. ConfigMap volumes support ownership\ \ management and SELinux relabeling." example: defaultMode: 9 name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" properties: defaultMode: description: "Optional: mode bits used to set permissions\ \ on created files by default. Must be an octal value between\ \ 0000 and 0777 or a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values, JSON requires decimal\ \ values for mode bits. Defaults to 0644. Directories within\ \ the path are not affected by this setting. This might\ \ be in conflict with other options that affect the file\ \ mode, like fsGroup, and the result can be other mode bits\ \ set." format: "int32" type: "integer" items: description: "If unspecified, each key-value pair in the Data\ \ field of the referenced ConfigMap will be projected into\ \ the volume as a file whose name is the key and content\ \ is the value. If specified, the listed keys will be projected\ \ into the specified paths, and unlisted keys will not be\ \ present. If a key is specified which is not present in\ \ the ConfigMap, the volume setup will error unless it is\ \ marked optional. Paths must be relative and may not contain\ \ the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." example: mode: 6 path: "path" key: "key" properties: key: description: "The key to project." type: "string" mode: description: "Optional: mode bits used to set permissions\ \ on this file. Must be an octal value between 0000\ \ and 0777 or a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values, JSON requires\ \ decimal values for mode bits. If not specified,\ \ the volume defaultMode will be used. This might\ \ be in conflict with other options that affect the\ \ file mode, like fsGroup, and the result can be other\ \ mode bits set." format: "int32" type: "integer" path: description: "The relative path of the file to map the\ \ key to. May not be an absolute path. May not contain\ \ the path element '..'. May not start with the string\ \ '..'." type: "string" required: - "key" - "path" type: "object" type: "array" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its keys must\ \ be defined" type: "boolean" type: "object" csi: description: "Represents a source location of a volume to mount,\ \ managed by an external CSI driver" example: driver: "driver" nodePublishSecretRef: name: "name" readOnly: true fsType: "fsType" volumeAttributes: key: "volumeAttributes" properties: driver: description: "Driver is the name of the CSI driver that handles\ \ this volume. Consult with your admin for the correct name\ \ as registered in the cluster." type: "string" fsType: description: "Filesystem type to mount. Ex. \"ext4\", \"xfs\"\ , \"ntfs\". If not provided, the empty value is passed to\ \ the associated CSI driver which will determine the default\ \ filesystem to apply." type: "string" nodePublishSecretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" readOnly: description: "Specifies a read-only configuration for the\ \ volume. Defaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" description: "VolumeAttributes stores driver-specific properties\ \ that are passed to the CSI driver. Consult your driver's\ \ documentation for supported values." type: "object" required: - "driver" type: "object" downwardAPI: description: "DownwardAPIVolumeSource represents a volume containing\ \ downward API info. Downward API volumes support ownership\ \ management and SELinux relabeling." example: defaultMode: 8 items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: defaultMode: description: "Optional: mode bits to use on created files\ \ by default. Must be a Optional: mode bits used to set\ \ permissions on created files by default. Must be an octal\ \ value between 0000 and 0777 or a decimal value between\ \ 0 and 511. YAML accepts both octal and decimal values,\ \ JSON requires decimal values for mode bits. Defaults to\ \ 0644. Directories within the path are not affected by\ \ this setting. This might be in conflict with other options\ \ that affect the file mode, like fsGroup, and the result\ \ can be other mode bits set." format: "int32" type: "integer" items: description: "Items is a list of downward API volume file" items: description: "DownwardAPIVolumeFile represents information\ \ to create the file containing the pod field" example: mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: fieldRef: description: "ObjectFieldSelector selects an APIVersioned\ \ field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the FieldPath\ \ is written in terms of, defaults to \"v1\"." type: "string" fieldPath: description: "Path of the field to select in the\ \ specified API version." type: "string" required: - "fieldPath" type: "object" mode: description: "Optional: mode bits used to set permissions\ \ on this file, must be an octal value between 0000\ \ and 0777 or a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values, JSON requires\ \ decimal values for mode bits. If not specified,\ \ the volume defaultMode will be used. This might\ \ be in conflict with other options that affect the\ \ file mode, like fsGroup, and the result can be other\ \ mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name\ \ of the file to be created. Must not be absolute\ \ or contain the '..' path. Must be utf-8 encoded.\ \ The first item of the relative path must not start\ \ with '..'" type: "string" resourceFieldRef: description: "ResourceFieldSelector represents container\ \ resources (cpu, memory) and their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required for volumes,\ \ optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and\ \ AsInt64() accessors.\n\nThe serialization format\ \ is:\n\n ::= \n\ \ (Note that may be empty, from the\ \ \"\" case in .)\n \ \ ::= 0 | 1 | ... | 9 ::=\ \ | \ \ ::= | . | .\ \ | . ::= \"+\" | \"\ -\" ::= | \ \ ::= | \ \ | ::= Ki | Mi\ \ | Gi | Ti | Pi | Ei\n (International System\ \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T\ \ | P | E\n (Note that 1024 = 1Ki but 1000 =\ \ 1k; I didn't choose the capitalization.)\n\ \ ::= \"e\" | \"E\" \n\ \nNo matter which of the three exponent forms\ \ is used, no quantity may represent a number\ \ greater than 2^63-1 in magnitude, nor may it\ \ have more than 3 decimal places. Numbers larger\ \ or more precise will be capped or rounded up.\ \ (E.g.: 0.1m will rounded up to 1m.) This may\ \ be extended in the future if we require larger\ \ or smaller quantities.\n\nWhen a Quantity is\ \ parsed from a string, it will remember the type\ \ of suffix it had, and will use the same type\ \ again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\".\ \ This means that Exponent/suffix will be adjusted\ \ up or down (with a corresponding increase or\ \ decrease in Mantissa) such that:\n a. No precision\ \ is lost\n b. No fractional digits will be emitted\n\ \ c. The exponent (or suffix) is as large as\ \ possible.\nThe sign will be omitted unless the\ \ number is negative.\n\nExamples:\n 1.5 will\ \ be serialized as \"1500m\"\n 1.5Gi will be\ \ serialized as \"1536Mi\"\n\nNote that the quantity\ \ will NEVER be internally represented by a floating\ \ point number. That is the whole point of this\ \ exercise.\n\nNon-canonical values will still\ \ parse as long as they are well formed, but will\ \ be re-emitted in their canonical form. (So always\ \ use canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult to use\ \ these numbers without writing some sort of special\ \ handling code in the hopes that that will cause\ \ implementors to also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" required: - "path" type: "object" type: "array" type: "object" emptyDir: description: "Represents an empty directory for a pod. Empty directory\ \ volumes support ownership management and SELinux relabeling." example: sizeLimit: "sizeLimit" medium: "medium" properties: medium: description: "What type of storage medium should back this\ \ directory. The default is \"\" which means to use the\ \ node's default medium. Must be an empty string (default)\ \ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: description: "Quantity is a fixed-point representation of\ \ a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ \ ::= 0 | 1 | ... | 9 ::= \ \ | ::= | .\ \ | . | . ::= \"+\" |\ \ \"-\" ::= | \ \ ::= | |\ \ ::= Ki | Mi | Gi | Ti |\ \ Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P | E\n\ \ (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose\ \ the capitalization.)\n ::= \"e\" \ \ | \"E\" \n\nNo matter which of the three\ \ exponent forms is used, no quantity may represent a number\ \ greater than 2^63-1 in magnitude, nor may it have more\ \ than 3 decimal places. Numbers larger or more precise\ \ will be capped or rounded up. (E.g.: 0.1m will rounded\ \ up to 1m.) This may be extended in the future if we require\ \ larger or smaller quantities.\n\nWhen a Quantity is parsed\ \ from a string, it will remember the type of suffix it\ \ had, and will use the same type again when it is serialized.\n\ \nBefore serializing, Quantity will be put in \"canonical\ \ form\". This means that Exponent/suffix will be adjusted\ \ up or down (with a corresponding increase or decrease\ \ in Mantissa) such that:\n a. No precision is lost\n \ \ b. No fractional digits will be emitted\n c. The exponent\ \ (or suffix) is as large as possible.\nThe sign will be\ \ omitted unless the number is negative.\n\nExamples:\n\ \ 1.5 will be serialized as \"1500m\"\n 1.5Gi will be\ \ serialized as \"1536Mi\"\n\nNote that the quantity will\ \ NEVER be internally represented by a floating point number.\ \ That is the whole point of this exercise.\n\nNon-canonical\ \ values will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So always\ \ use canonical form, or don't diff.)\n\nThis format is\ \ intended to make it difficult to use these numbers without\ \ writing some sort of special handling code in the hopes\ \ that that will cause implementors to also use a fixed\ \ point implementation." format: "quantity" type: "string" type: "object" ephemeral: description: "Represents an ephemeral volume that is handled by\ \ a normal storage driver." example: readOnly: true volumeClaimTemplate: metadata: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" spec: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: readOnly: description: "Specifies a read-only configuration for the\ \ volume. Defaults to false (read/write)." type: "boolean" volumeClaimTemplate: description: "PersistentVolumeClaimTemplate is used to produce\ \ PersistentVolumeClaim objects as part of an EphemeralVolumeSource." example: metadata: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" spec: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: metadata: description: "ObjectMeta is metadata that all persisted\ \ resources must have, which includes all objects users\ \ must create." example: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" properties: annotations: additionalProperties: type: "string" description: "Annotations is an unstructured key value\ \ map stored with a resource that may be set by\ \ external tools to store and retrieve arbitrary\ \ metadata. They are not queryable and should be\ \ preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" type: "object" clusterName: description: "The name of the cluster which the object\ \ belongs to. This is used to distinguish resources\ \ with same name and namespace in different clusters.\ \ This field is not set anywhere right now and apiserver\ \ is going to ignore it if set in create or update\ \ request." type: "string" creationTimestamp: description: "CreationTimestamp is a timestamp representing\ \ the server time when this object was created.\ \ It is not guaranteed to be set in happens-before\ \ order across separate operations. Clients may\ \ not set this value. It is represented in RFC3339\ \ form and is in UTC.\n\nPopulated by the system.\ \ Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" format: "date-time" type: "string" deletionGracePeriodSeconds: description: "Number of seconds allowed for this object\ \ to gracefully terminate before it will be removed\ \ from the system. Only set when deletionTimestamp\ \ is also set. May only be shortened. Read-only." format: "int64" type: "integer" deletionTimestamp: description: "DeletionTimestamp is RFC 3339 date and\ \ time at which this resource will be deleted. This\ \ field is set by the server when a graceful deletion\ \ is requested by the user, and is not directly\ \ settable by a client. The resource is expected\ \ to be deleted (no longer visible from resource\ \ lists, and not reachable by name) after the time\ \ in this field, once the finalizers list is empty.\ \ As long as the finalizers list contains items,\ \ deletion is blocked. Once the deletionTimestamp\ \ is set, this value may not be unset or be set\ \ further into the future, although it may be shortened\ \ or the resource may be deleted prior to this time.\ \ For example, a user may request that a pod is\ \ deleted in 30 seconds. The Kubelet will react\ \ by sending a graceful termination signal to the\ \ containers in the pod. After that 30 seconds,\ \ the Kubelet will send a hard termination signal\ \ (SIGKILL) to the container and after cleanup,\ \ remove the pod from the API. In the presence of\ \ network partitions, this object may still exist\ \ after this timestamp, until an administrator or\ \ automated process can determine the resource is\ \ fully terminated. If not set, graceful deletion\ \ of the object has not been requested.\n\nPopulated\ \ by the system when a graceful deletion is requested.\ \ Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" format: "date-time" type: "string" finalizers: description: "Must be empty before the object is deleted\ \ from the registry. Each entry is an identifier\ \ for the responsible component that will remove\ \ the entry from the list. If the deletionTimestamp\ \ of the object is non-nil, entries in this list\ \ can only be removed. Finalizers may be processed\ \ and removed in any order. Order is NOT enforced\ \ because it introduces significant risk of stuck\ \ finalizers. finalizers is a shared field, any\ \ actor with permission can reorder it. If the finalizer\ \ list is processed in order, then this can lead\ \ to a situation in which the component responsible\ \ for the first finalizer in the list is waiting\ \ for a signal (field value, external system, or\ \ other) produced by a component responsible for\ \ a finalizer later in the list, resulting in a\ \ deadlock. Without enforced ordering finalizers\ \ are free to order amongst themselves and are not\ \ vulnerable to ordering changes in the list." items: type: "string" type: "array" generateName: description: "GenerateName is an optional prefix,\ \ used by the server, to generate a unique name\ \ ONLY IF the Name field has not been provided.\ \ If this field is used, the name returned to the\ \ client will be different than the name passed.\ \ This value will also be combined with a unique\ \ suffix. The provided value has the same validation\ \ rules as the Name field, and may be truncated\ \ by the length of the suffix required to make the\ \ value unique on the server.\n\nIf this field is\ \ specified and the generated name exists, the server\ \ will NOT return a 409 - instead, it will either\ \ return 201 Created or 500 with Reason ServerTimeout\ \ indicating a unique name could not be found in\ \ the time allotted, and the client should retry\ \ (optionally after the time indicated in the Retry-After\ \ header).\n\nApplied only if Name is not specified.\ \ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: "string" generation: description: "A sequence number representing a specific\ \ generation of the desired state. Populated by\ \ the system. Read-only." format: "int64" type: "integer" labels: additionalProperties: type: "string" description: "Map of string keys and values that can\ \ be used to organize and categorize (scope and\ \ select) objects. May match selectors of replication\ \ controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" type: "object" managedFields: description: "ManagedFields maps workflow-id and version\ \ to the set of fields that are managed by that\ \ workflow. This is mostly for internal housekeeping,\ \ and users typically shouldn't need to set or understand\ \ this field. A workflow can be the user's name,\ \ a controller's name, or the name of a specific\ \ apply path like \"ci-cd\". The set of fields is\ \ always in the version that the workflow used when\ \ modifying the object." items: description: "ManagedFieldsEntry is a workflow-id,\ \ a FieldSet and the group version of the resource\ \ that the fieldset applies to." example: apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" properties: apiVersion: description: "APIVersion defines the version\ \ of this resource that this field set applies\ \ to. The format is \"group/version\" just\ \ like the top-level APIVersion field. It\ \ is necessary to track the version of a field\ \ set because it cannot be automatically converted." type: "string" fieldsType: description: "FieldsType is the discriminator\ \ for the different fields format and version.\ \ There is currently only one possible value:\ \ \"FieldsV1\"" type: "string" fieldsV1: description: "FieldsV1 holds the first JSON\ \ version format as described in the \"FieldsV1\"\ \ type." type: "object" manager: description: "Manager is an identifier of the\ \ workflow managing these fields." type: "string" operation: description: "Operation is the type of operation\ \ which lead to this ManagedFieldsEntry being\ \ created. The only valid values for this\ \ field are 'Apply' and 'Update'." type: "string" time: description: "Time is timestamp of when these\ \ fields were set. It should always be empty\ \ if Operation is 'Apply'" format: "date-time" type: "string" type: "object" type: "array" name: description: "Name must be unique within a namespace.\ \ Is required when creating resources, although\ \ some resources may allow a client to request the\ \ generation of an appropriate name automatically.\ \ Name is primarily intended for creation idempotence\ \ and configuration definition. Cannot be updated.\ \ More info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" namespace: description: "Namespace defines the space within which\ \ each name must be unique. An empty namespace is\ \ equivalent to the \"default\" namespace, but \"\ default\" is the canonical representation. Not all\ \ objects are required to be scoped to a namespace\ \ - the value of this field for those objects will\ \ be empty.\n\nMust be a DNS_LABEL. Cannot be updated.\ \ More info: http://kubernetes.io/docs/user-guide/namespaces" type: "string" ownerReferences: description: "List of objects depended by this object.\ \ If ALL objects in the list have been deleted,\ \ this object will be garbage collected. If this\ \ object is managed by a controller, then an entry\ \ in this list will point to this controller, with\ \ the controller field set to true. There cannot\ \ be more than one managing controller." items: description: "OwnerReference contains enough information\ \ to let you identify an owning object. An owning\ \ object must be in the same namespace as the\ \ dependent, or be cluster-scoped, so there is\ \ no namespace field." example: uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true properties: apiVersion: description: "API version of the referent." type: "string" blockOwnerDeletion: description: "If true, AND if the owner has\ \ the \"foregroundDeletion\" finalizer, then\ \ the owner cannot be deleted from the key-value\ \ store until this reference is removed. Defaults\ \ to false. To set this field, a user needs\ \ \"delete\" permission of the owner, otherwise\ \ 422 (Unprocessable Entity) will be returned." type: "boolean" controller: description: "If true, this reference points\ \ to the managing controller." type: "boolean" kind: description: "Kind of the referent. More info:\ \ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: description: "Name of the referent. More info:\ \ http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" uid: description: "UID of the referent. More info:\ \ http://kubernetes.io/docs/user-guide/identifiers#uids" type: "string" required: - "apiVersion" - "kind" - "name" - "uid" type: "object" type: "array" resourceVersion: description: "An opaque value that represents the\ \ internal version of this object that can be used\ \ by clients to determine when objects have changed.\ \ May be used for optimistic concurrency, change\ \ detection, and the watch operation on a resource\ \ or set of resources. Clients must treat these\ \ values as opaque and passed unmodified back to\ \ the server. They may only be valid for a particular\ \ resource or set of resources.\n\nPopulated by\ \ the system. Read-only. Value must be treated as\ \ opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" selfLink: description: "SelfLink is a URL representing this\ \ object. Populated by the system. Read-only.\n\n\ DEPRECATED Kubernetes will stop propagating this\ \ field in 1.20 release and the field is planned\ \ to be removed in 1.21 release." type: "string" uid: description: "UID is the unique in time and space\ \ value for this object. It is typically generated\ \ by the server on successful creation of a resource\ \ and is not allowed to change on PUT operations.\n\ \nPopulated by the system. Read-only. More info:\ \ http://kubernetes.io/docs/user-guide/identifiers#uids" type: "string" type: "object" spec: description: "PersistentVolumeClaimSpec describes the\ \ common attributes of storage devices and allows a\ \ Source for provider-specific attributes" example: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: accessModes: description: "AccessModes contains the desired access\ \ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: description: "TypedLocalObjectReference contains enough\ \ information to let you locate the typed referenced\ \ object inside the same namespace." example: apiGroup: "apiGroup" kind: "kind" name: "name" properties: apiGroup: description: "APIGroup is the group for the resource\ \ being referenced. If APIGroup is not specified,\ \ the specified Kind must be in the core API\ \ group. For any other third-party types, APIGroup\ \ is required." type: "string" kind: description: "Kind is the type of resource being\ \ referenced" type: "string" name: description: "Name is the name of resource being\ \ referenced" type: "string" required: - "kind" - "name" type: "object" resources: description: "ResourceRequirements describes the compute\ \ resource requirements." example: requests: {} limits: {} properties: limits: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String()\ \ and AsInt64() accessors.\n\nThe serialization\ \ format is:\n\n ::= \n\ \ (Note that may be empty, from\ \ the \"\" case in .)\n\ \ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | .\ \ | . | . \ \ ::= \"+\" | \"-\" ::=\ \ | \ \ ::= | |\ \ ::= Ki | Mi\ \ | Gi | Ti | Pi | Ei\n (International System\ \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G\ \ | T | P | E\n (Note that 1024 = 1Ki but\ \ 1000 = 1k; I didn't choose the capitalization.)\n\ ::= \"e\" \ \ | \"E\" \n\nNo matter which\ \ of the three exponent forms is used, no\ \ quantity may represent a number greater\ \ than 2^63-1 in magnitude, nor may it have\ \ more than 3 decimal places. Numbers larger\ \ or more precise will be capped or rounded\ \ up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if we\ \ require larger or smaller quantities.\n\n\ When a Quantity is parsed from a string, it\ \ will remember the type of suffix it had,\ \ and will use the same type again when it\ \ is serialized.\n\nBefore serializing, Quantity\ \ will be put in \"canonical form\". This\ \ means that Exponent/suffix will be adjusted\ \ up or down (with a corresponding increase\ \ or decrease in Mantissa) such that:\n a.\ \ No precision is lost\n b. No fractional\ \ digits will be emitted\n c. The exponent\ \ (or suffix) is as large as possible.\nThe\ \ sign will be omitted unless the number is\ \ negative.\n\nExamples:\n 1.5 will be serialized\ \ as \"1500m\"\n 1.5Gi will be serialized\ \ as \"1536Mi\"\n\nNote that the quantity\ \ will NEVER be internally represented by\ \ a floating point number. That is the whole\ \ point of this exercise.\n\nNon-canonical\ \ values will still parse as long as they\ \ are well formed, but will be re-emitted\ \ in their canonical form. (So always use\ \ canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult\ \ to use these numbers without writing some\ \ sort of special handling code in the hopes\ \ that that will cause implementors to also\ \ use a fixed point implementation." format: "quantity" type: "string" description: "Limits describes the maximum amount\ \ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" requests: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String()\ \ and AsInt64() accessors.\n\nThe serialization\ \ format is:\n\n ::= \n\ \ (Note that may be empty, from\ \ the \"\" case in .)\n\ \ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | .\ \ | . | . \ \ ::= \"+\" | \"-\" ::=\ \ | \ \ ::= | |\ \ ::= Ki | Mi\ \ | Gi | Ti | Pi | Ei\n (International System\ \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G\ \ | T | P | E\n (Note that 1024 = 1Ki but\ \ 1000 = 1k; I didn't choose the capitalization.)\n\ ::= \"e\" \ \ | \"E\" \n\nNo matter which\ \ of the three exponent forms is used, no\ \ quantity may represent a number greater\ \ than 2^63-1 in magnitude, nor may it have\ \ more than 3 decimal places. Numbers larger\ \ or more precise will be capped or rounded\ \ up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if we\ \ require larger or smaller quantities.\n\n\ When a Quantity is parsed from a string, it\ \ will remember the type of suffix it had,\ \ and will use the same type again when it\ \ is serialized.\n\nBefore serializing, Quantity\ \ will be put in \"canonical form\". This\ \ means that Exponent/suffix will be adjusted\ \ up or down (with a corresponding increase\ \ or decrease in Mantissa) such that:\n a.\ \ No precision is lost\n b. No fractional\ \ digits will be emitted\n c. The exponent\ \ (or suffix) is as large as possible.\nThe\ \ sign will be omitted unless the number is\ \ negative.\n\nExamples:\n 1.5 will be serialized\ \ as \"1500m\"\n 1.5Gi will be serialized\ \ as \"1536Mi\"\n\nNote that the quantity\ \ will NEVER be internally represented by\ \ a floating point number. That is the whole\ \ point of this exercise.\n\nNon-canonical\ \ values will still parse as long as they\ \ are well formed, but will be re-emitted\ \ in their canonical form. (So always use\ \ canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult\ \ to use these numbers without writing some\ \ sort of special handling code in the hopes\ \ that that will cause implementors to also\ \ use a fixed point implementation." format: "quantity" type: "string" description: "Requests describes the minimum amount\ \ of compute resources required. If Requests\ \ is omitted for a container, it defaults to\ \ Limits if that is explicitly specified, otherwise\ \ to an implementation-defined value. More info:\ \ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" type: "object" selector: description: "A label selector is a label query over\ \ a set of resources. The result of matchLabels\ \ and matchExpressions are ANDed. An empty label\ \ selector matches all objects. A null label selector\ \ matches no objects." example: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" properties: matchExpressions: description: "matchExpressions is a list of label\ \ selector requirements. The requirements are\ \ ANDed." items: description: "A label selector requirement is\ \ a selector that contains values, a key,\ \ and an operator that relates the key and\ \ values." example: values: - "values" - "values" key: "key" operator: "operator" properties: key: description: "key is the label key that\ \ the selector applies to." type: "string" operator: description: "operator represents a key's\ \ relationship to a set of values. Valid\ \ operators are In, NotIn, Exists and\ \ DoesNotExist." type: "string" values: description: "values is an array of string\ \ values. If the operator is In or NotIn,\ \ the values array must be non-empty.\ \ If the operator is Exists or DoesNotExist,\ \ the values array must be empty. This\ \ array is replaced during a strategic\ \ merge patch." items: type: "string" type: "array" required: - "key" - "operator" type: "object" type: "array" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value}\ \ pairs. A single {key,value} in the matchLabels\ \ map is equivalent to an element of matchExpressions,\ \ whose key field is \"key\", the operator is\ \ \"In\", and the values array contains only\ \ \"value\". The requirements are ANDed." type: "object" type: "object" storageClassName: description: "Name of the StorageClass required by\ \ the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: description: "volumeMode defines what type of volume\ \ is required by the claim. Value of Filesystem\ \ is implied when not included in claim spec." type: "string" volumeName: description: "VolumeName is the binding reference\ \ to the PersistentVolume backing this claim." type: "string" type: "object" required: - "spec" type: "object" type: "object" fc: description: "Represents a Fibre Channel volume. Fibre Channel\ \ volumes can only be mounted as read/write once. Fibre Channel\ \ volumes support ownership management and SELinux relabeling." example: lun: 6 targetWWNs: - "targetWWNs" - "targetWWNs" readOnly: true wwids: - "wwids" - "wwids" fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"ext4\"\ , \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\"\ \ if unspecified." type: "string" lun: description: "Optional: FC target lun number" format: "int32" type: "integer" readOnly: description: "Optional: Defaults to false (read/write). ReadOnly\ \ here will force the ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: description: "Optional: FC target worldwide names (WWNs)" items: type: "string" type: "array" wwids: description: "Optional: FC volume world wide identifiers (wwids)\ \ Either wwids or combination of targetWWNs and lun must\ \ be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: description: "FlexVolume represents a generic volume resource\ \ that is provisioned/attached using an exec based plugin." example: driver: "driver" options: key: "options" secretRef: name: "name" readOnly: true fsType: "fsType" properties: driver: description: "Driver is the name of the driver to use for\ \ this volume." type: "string" fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"ext4\"\ , \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume\ \ script." type: "string" options: additionalProperties: type: "string" description: "Optional: Extra command options if any." type: "object" readOnly: description: "Optional: Defaults to false (read/write). ReadOnly\ \ here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" required: - "driver" type: "object" flocker: description: "Represents a Flocker volume mounted by the Flocker\ \ agent. One and only one of datasetName and datasetUUID should\ \ be set. Flocker volumes do not support ownership management\ \ or SELinux relabeling." example: datasetName: "datasetName" datasetUUID: "datasetUUID" properties: datasetName: description: "Name of the dataset stored as metadata -> name\ \ on the dataset for Flocker should be considered as deprecated" type: "string" datasetUUID: description: "UUID of the dataset. This is unique identifier\ \ of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: description: "Represents a Persistent Disk resource in Google\ \ Compute Engine.\n\nA GCE PD must exist before mounting to\ \ a container. The disk must also be in the same GCE project\ \ and zone as the kubelet. A GCE PD can only be mounted as read/write\ \ once or read-only many times. GCE PDs support ownership management\ \ and SELinux relabeling." example: partition: 3 readOnly: true pdName: "pdName" fsType: "fsType" properties: fsType: description: "Filesystem type of the volume that you want\ \ to mount. Tip: Ensure that the filesystem type is supported\ \ by the host operating system. Examples: \"ext4\", \"xfs\"\ , \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\ \ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "The partition in the volume that you want to\ \ mount. If omitted, the default is to mount by volume name.\ \ Examples: For volume /dev/sda1, you specify the partition\ \ as \"1\". Similarly, the volume partition for /dev/sda\ \ is \"0\" (or you can leave the property empty). More info:\ \ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: description: "Unique name of the PD resource in GCE. Used\ \ to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: description: "ReadOnly here will force the ReadOnly setting\ \ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: description: "Represents a volume that is populated with the contents\ \ of a git repository. Git repo volumes do not support ownership\ \ management. Git repo volumes support SELinux relabeling.\n\ \nDEPRECATED: GitRepo is deprecated. To provision a container\ \ with a git repo, mount an EmptyDir into an InitContainer that\ \ clones the repo using git, then mount the EmptyDir into the\ \ Pod's container." example: repository: "repository" directory: "directory" revision: "revision" properties: directory: description: "Target directory name. Must not contain or start\ \ with '..'. If '.' is supplied, the volume directory will\ \ be the git repository. Otherwise, if specified, the volume\ \ will contain the git repository in the subdirectory with\ \ the given name." type: "string" repository: description: "Repository URL" type: "string" revision: description: "Commit hash for the specified revision." type: "string" required: - "repository" type: "object" glusterfs: description: "Represents a Glusterfs mount that lasts the lifetime\ \ of a pod. Glusterfs volumes do not support ownership management\ \ or SELinux relabeling." example: path: "path" endpoints: "endpoints" readOnly: true properties: endpoints: description: "EndpointsName is the endpoint name that details\ \ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: description: "Path is the Glusterfs volume path. More info:\ \ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: description: "ReadOnly here will force the Glusterfs volume\ \ to be mounted with read-only permissions. Defaults to\ \ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: description: "Represents a host path mapped into a pod. Host path\ \ volumes do not support ownership management or SELinux relabeling." example: path: "path" type: "type" properties: path: description: "Path of the directory on the host. If the path\ \ is a symlink, it will follow the link to the real path.\ \ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: description: "Type for HostPath Volume Defaults to \"\" More\ \ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: description: "Represents an ISCSI disk. ISCSI volumes can only\ \ be mounted as read/write once. ISCSI volumes support ownership\ \ management and SELinux relabeling." example: chapAuthSession: true iscsiInterface: "iscsiInterface" lun: 6 chapAuthDiscovery: true iqn: "iqn" portals: - "portals" - "portals" secretRef: name: "name" initiatorName: "initiatorName" readOnly: true fsType: "fsType" targetPortal: "targetPortal" properties: chapAuthDiscovery: description: "whether support iSCSI Discovery CHAP authentication" type: "boolean" chapAuthSession: description: "whether support iSCSI Session CHAP authentication" type: "boolean" fsType: description: "Filesystem type of the volume that you want\ \ to mount. Tip: Ensure that the filesystem type is supported\ \ by the host operating system. Examples: \"ext4\", \"xfs\"\ , \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\ \ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "Custom iSCSI Initiator Name. If initiatorName\ \ is specified with iscsiInterface simultaneously, new iSCSI\ \ interface : will be created\ \ for the connection." type: "string" iqn: description: "Target iSCSI Qualified Name." type: "string" iscsiInterface: description: "iSCSI Interface Name that uses an iSCSI transport.\ \ Defaults to 'default' (tcp)." type: "string" lun: description: "iSCSI Target Lun number." format: "int32" type: "integer" portals: description: "iSCSI Target Portal List. The portal is either\ \ an IP or ip_addr:port if the port is other than default\ \ (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: description: "ReadOnly here will force the ReadOnly setting\ \ in VolumeMounts. Defaults to false." type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" targetPortal: description: "iSCSI Target Portal. The Portal is either an\ \ IP or ip_addr:port if the port is other than default (typically\ \ TCP ports 860 and 3260)." type: "string" required: - "iqn" - "lun" - "targetPortal" type: "object" name: description: "Volume's name. Must be a DNS_LABEL and unique within\ \ the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: description: "Represents an NFS mount that lasts the lifetime\ \ of a pod. NFS volumes do not support ownership management\ \ or SELinux relabeling." example: path: "path" server: "server" readOnly: true properties: path: description: "Path that is exported by the NFS server. More\ \ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: description: "ReadOnly here will force the NFS export to be\ \ mounted with read-only permissions. Defaults to false.\ \ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: description: "Server is the hostname or IP address of the\ \ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: description: "PersistentVolumeClaimVolumeSource references the\ \ user's PVC in the same namespace. This volume finds the bound\ \ PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource\ \ is, essentially, a wrapper around another type of volume that\ \ is owned by someone else (the system)." example: claimName: "claimName" readOnly: true properties: claimName: description: "ClaimName is the name of a PersistentVolumeClaim\ \ in the same namespace as the pod using this volume. More\ \ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: description: "Will force the ReadOnly setting in VolumeMounts.\ \ Default false." type: "boolean" required: - "claimName" type: "object" photonPersistentDisk: description: "Represents a Photon Controller persistent disk resource." example: pdID: "pdID" fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"ext4\"\ , \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\"\ \ if unspecified." type: "string" pdID: description: "ID that identifies Photon Controller persistent\ \ disk" type: "string" required: - "pdID" type: "object" portworxVolume: description: "PortworxVolumeSource represents a Portworx volume\ \ resource." example: volumeID: "volumeID" readOnly: true fsType: "fsType" properties: fsType: description: "FSType represents the filesystem type to mount\ \ Must be a filesystem type supported by the host operating\ \ system. Ex. \"ext4\", \"xfs\". Implicitly inferred to\ \ be \"ext4\" if unspecified." type: "string" readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" volumeID: description: "VolumeID uniquely identifies a Portworx volume" type: "string" required: - "volumeID" type: "object" projected: description: "Represents a projected volume source" example: sources: - downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 - downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 defaultMode: 1 properties: defaultMode: description: "Mode bits used to set permissions on created\ \ files by default. Must be an octal value between 0000\ \ and 0777 or a decimal value between 0 and 511. YAML accepts\ \ both octal and decimal values, JSON requires decimal values\ \ for mode bits. Directories within the path are not affected\ \ by this setting. This might be in conflict with other\ \ options that affect the file mode, like fsGroup, and the\ \ result can be other mode bits set." format: "int32" type: "integer" sources: description: "list of volume projections" items: description: "Projection that may be projected along with\ \ other supported volume types" example: downwardAPI: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" configMap: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" secret: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" serviceAccountToken: path: "path" audience: "audience" expirationSeconds: 2 properties: configMap: description: "Adapts a ConfigMap into a projected volume.\n\ \nThe contents of the target ConfigMap's Data field\ \ will be presented in a projected volume as files\ \ using the keys in the Data field as the file names,\ \ unless the items element is populated with specific\ \ mappings of keys to paths. Note that this is identical\ \ to a configmap volume source without the default\ \ mode." example: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" properties: items: description: "If unspecified, each key-value pair\ \ in the Data field of the referenced ConfigMap\ \ will be projected into the volume as a file\ \ whose name is the key and content is the value.\ \ If specified, the listed keys will be projected\ \ into the specified paths, and unlisted keys\ \ will not be present. If a key is specified which\ \ is not present in the ConfigMap, the volume\ \ setup will error unless it is marked optional.\ \ Paths must be relative and may not contain the\ \ '..' path or start with '..'." items: description: "Maps a string key to a path within\ \ a volume." example: mode: 6 path: "path" key: "key" properties: key: description: "The key to project." type: "string" mode: description: "Optional: mode bits used to\ \ set permissions on this file. Must be\ \ an octal value between 0000 and 0777 or\ \ a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values,\ \ JSON requires decimal values for mode\ \ bits. If not specified, the volume defaultMode\ \ will be used. This might be in conflict\ \ with other options that affect the file\ \ mode, like fsGroup, and the result can\ \ be other mode bits set." format: "int32" type: "integer" path: description: "The relative path of the file\ \ to map the key to. May not be an absolute\ \ path. May not contain the path element\ \ '..'. May not start with the string '..'." type: "string" required: - "key" - "path" type: "object" type: "array" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its\ \ keys must be defined" type: "boolean" type: "object" downwardAPI: description: "Represents downward API info for projecting\ \ into a projected volume. Note that this is identical\ \ to a downwardAPI volume source without the default\ \ mode." example: items: - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: items: description: "Items is a list of DownwardAPIVolume\ \ file" items: description: "DownwardAPIVolumeFile represents\ \ information to create the file containing\ \ the pod field" example: mode: 9 path: "path" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: fieldRef: description: "ObjectFieldSelector selects\ \ an APIVersioned field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the\ \ FieldPath is written in terms of,\ \ defaults to \"v1\"." type: "string" fieldPath: description: "Path of the field to select\ \ in the specified API version." type: "string" required: - "fieldPath" type: "object" mode: description: "Optional: mode bits used to\ \ set permissions on this file, must be\ \ an octal value between 0000 and 0777 or\ \ a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values,\ \ JSON requires decimal values for mode\ \ bits. If not specified, the volume defaultMode\ \ will be used. This might be in conflict\ \ with other options that affect the file\ \ mode, like fsGroup, and the result can\ \ be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative\ \ path name of the file to be created. Must\ \ not be absolute or contain the '..' path.\ \ Must be utf-8 encoded. The first item\ \ of the relative path must not start with\ \ '..'" type: "string" resourceFieldRef: description: "ResourceFieldSelector represents\ \ container resources (cpu, memory) and\ \ their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required\ \ for volumes, optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point\ \ representation of a number. It provides\ \ convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String()\ \ and AsInt64() accessors.\n\nThe serialization\ \ format is:\n\n ::=\ \ \n (Note that\ \ may be empty, from the \"\ \" case in .)\n \ \ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | .\ \ | . | . \ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | \ \ | ::=\ \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k |\ \ M | G | T | P | E\n (Note that 1024\ \ = 1Ki but 1000 = 1k; I didn't choose\ \ the capitalization.)\n\ \ ::= \"e\" | \"E\" \n\ \nNo matter which of the three exponent\ \ forms is used, no quantity may represent\ \ a number greater than 2^63-1 in magnitude,\ \ nor may it have more than 3 decimal\ \ places. Numbers larger or more precise\ \ will be capped or rounded up. (E.g.:\ \ 0.1m will rounded up to 1m.) This\ \ may be extended in the future if we\ \ require larger or smaller quantities.\n\ \nWhen a Quantity is parsed from a string,\ \ it will remember the type of suffix\ \ it had, and will use the same type\ \ again when it is serialized.\n\nBefore\ \ serializing, Quantity will be put\ \ in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted\ \ up or down (with a corresponding increase\ \ or decrease in Mantissa) such that:\n\ \ a. No precision is lost\n b. No\ \ fractional digits will be emitted\n\ \ c. The exponent (or suffix) is as\ \ large as possible.\nThe sign will\ \ be omitted unless the number is negative.\n\ \nExamples:\n 1.5 will be serialized\ \ as \"1500m\"\n 1.5Gi will be serialized\ \ as \"1536Mi\"\n\nNote that the quantity\ \ will NEVER be internally represented\ \ by a floating point number. That is\ \ the whole point of this exercise.\n\ \nNon-canonical values will still parse\ \ as long as they are well formed, but\ \ will be re-emitted in their canonical\ \ form. (So always use canonical form,\ \ or don't diff.)\n\nThis format is\ \ intended to make it difficult to use\ \ these numbers without writing some\ \ sort of special handling code in the\ \ hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" required: - "path" type: "object" type: "array" type: "object" secret: description: "Adapts a secret into a projected volume.\n\ \nThe contents of the target Secret's Data field will\ \ be presented in a projected volume as files using\ \ the keys in the Data field as the file names. Note\ \ that this is identical to a secret volume source\ \ without the default mode." example: name: "name" optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" properties: items: description: "If unspecified, each key-value pair\ \ in the Data field of the referenced Secret will\ \ be projected into the volume as a file whose\ \ name is the key and content is the value. If\ \ specified, the listed keys will be projected\ \ into the specified paths, and unlisted keys\ \ will not be present. If a key is specified which\ \ is not present in the Secret, the volume setup\ \ will error unless it is marked optional. Paths\ \ must be relative and may not contain the '..'\ \ path or start with '..'." items: description: "Maps a string key to a path within\ \ a volume." example: mode: 6 path: "path" key: "key" properties: key: description: "The key to project." type: "string" mode: description: "Optional: mode bits used to\ \ set permissions on this file. Must be\ \ an octal value between 0000 and 0777 or\ \ a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values,\ \ JSON requires decimal values for mode\ \ bits. If not specified, the volume defaultMode\ \ will be used. This might be in conflict\ \ with other options that affect the file\ \ mode, like fsGroup, and the result can\ \ be other mode bits set." format: "int32" type: "integer" path: description: "The relative path of the file\ \ to map the key to. May not be an absolute\ \ path. May not contain the path element\ \ '..'. May not start with the string '..'." type: "string" required: - "key" - "path" type: "object" type: "array" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its\ \ key must be defined" type: "boolean" type: "object" serviceAccountToken: description: "ServiceAccountTokenProjection represents\ \ a projected service account token volume. This projection\ \ can be used to insert a service account token into\ \ the pods runtime filesystem for use against APIs\ \ (Kubernetes API Server or otherwise)." example: path: "path" audience: "audience" expirationSeconds: 2 properties: audience: description: "Audience is the intended audience\ \ of the token. A recipient of a token must identify\ \ itself with an identifier specified in the audience\ \ of the token, and otherwise should reject the\ \ token. The audience defaults to the identifier\ \ of the apiserver." type: "string" expirationSeconds: description: "ExpirationSeconds is the requested\ \ duration of validity of the service account\ \ token. As the token approaches expiration, the\ \ kubelet volume plugin will proactively rotate\ \ the service account token. The kubelet will\ \ start trying to rotate the token if the token\ \ is older than 80 percent of its time to live\ \ or if the token is older than 24 hours.Defaults\ \ to 1 hour and must be at least 10 minutes." format: "int64" type: "integer" path: description: "Path is the path relative to the mount\ \ point of the file to project the token into." type: "string" required: - "path" type: "object" type: "object" type: "array" required: - "sources" type: "object" quobyte: description: "Represents a Quobyte mount that lasts the lifetime\ \ of a pod. Quobyte volumes do not support ownership management\ \ or SELinux relabeling." example: volume: "volume" registry: "registry" readOnly: true user: "user" tenant: "tenant" group: "group" properties: group: description: "Group to map volume access to Default is no\ \ group" type: "string" readOnly: description: "ReadOnly here will force the Quobyte volume\ \ to be mounted with read-only permissions. Defaults to\ \ false." type: "boolean" registry: description: "Registry represents a single or multiple Quobyte\ \ Registry services specified as a string as host:port pair\ \ (multiple entries are separated with commas) which acts\ \ as the central registry for volumes" type: "string" tenant: description: "Tenant owning the given Quobyte volume in the\ \ Backend Used with dynamically provisioned Quobyte volumes,\ \ value is set by the plugin" type: "string" user: description: "User to map volume access to Defaults to serivceaccount\ \ user" type: "string" volume: description: "Volume is a string that references an already\ \ created Quobyte volume by name." type: "string" required: - "registry" - "volume" type: "object" rbd: description: "Represents a Rados Block Device mount that lasts\ \ the lifetime of a pod. RBD volumes support ownership management\ \ and SELinux relabeling." example: image: "image" pool: "pool" secretRef: name: "name" readOnly: true fsType: "fsType" keyring: "keyring" user: "user" monitors: - "monitors" - "monitors" properties: fsType: description: "Filesystem type of the volume that you want\ \ to mount. Tip: Ensure that the filesystem type is supported\ \ by the host operating system. Examples: \"ext4\", \"xfs\"\ , \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\ \ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: description: "Keyring is the path to key ring for RBDUser.\ \ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: description: "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: description: "The rados pool name. Default is rbd. More info:\ \ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: description: "ReadOnly here will force the ReadOnly setting\ \ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" user: description: "The rados user name. Default is admin. More\ \ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" - "monitors" type: "object" scaleIO: description: "ScaleIOVolumeSource represents a persistent ScaleIO\ \ volume" example: system: "system" protectionDomain: "protectionDomain" sslEnabled: true storageMode: "storageMode" volumeName: "volumeName" secretRef: name: "name" readOnly: true fsType: "fsType" storagePool: "storagePool" gateway: "gateway" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"ext4\"\ , \"xfs\", \"ntfs\". Default is \"xfs\"." type: "string" gateway: description: "The host address of the ScaleIO API Gateway." type: "string" protectionDomain: description: "The name of the ScaleIO Protection Domain for\ \ the configured storage." type: "string" readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" sslEnabled: description: "Flag to enable/disable SSL communication with\ \ Gateway, default false" type: "boolean" storageMode: description: "Indicates whether the storage for a volume should\ \ be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." type: "string" storagePool: description: "The ScaleIO Storage Pool associated with the\ \ protection domain." type: "string" system: description: "The name of the storage system as configured\ \ in ScaleIO." type: "string" volumeName: description: "The name of a volume already created in the\ \ ScaleIO system that is associated with this volume source." type: "string" required: - "gateway" - "secretRef" - "system" type: "object" secret: description: "Adapts a Secret into a volume.\n\nThe contents of\ \ the target Secret's Data field will be presented in a volume\ \ as files using the keys in the Data field as the file names.\ \ Secret volumes support ownership management and SELinux relabeling." example: secretName: "secretName" defaultMode: 6 optional: true items: - mode: 6 path: "path" key: "key" - mode: 6 path: "path" key: "key" properties: defaultMode: description: "Optional: mode bits used to set permissions\ \ on created files by default. Must be an octal value between\ \ 0000 and 0777 or a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values, JSON requires decimal\ \ values for mode bits. Defaults to 0644. Directories within\ \ the path are not affected by this setting. This might\ \ be in conflict with other options that affect the file\ \ mode, like fsGroup, and the result can be other mode bits\ \ set." format: "int32" type: "integer" items: description: "If unspecified, each key-value pair in the Data\ \ field of the referenced Secret will be projected into\ \ the volume as a file whose name is the key and content\ \ is the value. If specified, the listed keys will be projected\ \ into the specified paths, and unlisted keys will not be\ \ present. If a key is specified which is not present in\ \ the Secret, the volume setup will error unless it is marked\ \ optional. Paths must be relative and may not contain the\ \ '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." example: mode: 6 path: "path" key: "key" properties: key: description: "The key to project." type: "string" mode: description: "Optional: mode bits used to set permissions\ \ on this file. Must be an octal value between 0000\ \ and 0777 or a decimal value between 0 and 511. YAML\ \ accepts both octal and decimal values, JSON requires\ \ decimal values for mode bits. If not specified,\ \ the volume defaultMode will be used. This might\ \ be in conflict with other options that affect the\ \ file mode, like fsGroup, and the result can be other\ \ mode bits set." format: "int32" type: "integer" path: description: "The relative path of the file to map the\ \ key to. May not be an absolute path. May not contain\ \ the path element '..'. May not start with the string\ \ '..'." type: "string" required: - "key" - "path" type: "object" type: "array" optional: description: "Specify whether the Secret or its keys must\ \ be defined" type: "boolean" secretName: description: "Name of the secret in the pod's namespace to\ \ use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: description: "Represents a StorageOS persistent volume resource." example: volumeNamespace: "volumeNamespace" volumeName: "volumeName" secretRef: name: "name" readOnly: true fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"ext4\"\ , \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\"\ \ if unspecified." type: "string" readOnly: description: "Defaults to false (read/write). ReadOnly here\ \ will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: description: "LocalObjectReference contains enough information\ \ to let you locate the referenced object inside the same\ \ namespace." example: name: "name" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" volumeName: description: "VolumeName is the human-readable name of the\ \ StorageOS volume. Volume names are only unique within\ \ a namespace." type: "string" volumeNamespace: description: "VolumeNamespace specifies the scope of the volume\ \ within StorageOS. If no namespace is specified then the\ \ Pod's namespace will be used. This allows the Kubernetes\ \ name scoping to be mirrored within StorageOS for tighter\ \ integration. Set VolumeName to any name to override the\ \ default behaviour. Set to \"default\" if you are not using\ \ namespaces within StorageOS. Namespaces that do not pre-exist\ \ within StorageOS will be created." type: "string" type: "object" vsphereVolume: description: "Represents a vSphere volume resource." example: storagePolicyName: "storagePolicyName" storagePolicyID: "storagePolicyID" volumePath: "volumePath" fsType: "fsType" properties: fsType: description: "Filesystem type to mount. Must be a filesystem\ \ type supported by the host operating system. Ex. \"ext4\"\ , \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\"\ \ if unspecified." type: "string" storagePolicyID: description: "Storage Policy Based Management (SPBM) profile\ \ ID associated with the StoragePolicyName." type: "string" storagePolicyName: description: "Storage Policy Based Management (SPBM) profile\ \ name." type: "string" volumePath: description: "Path that identifies vSphere volume vmdk" type: "string" required: - "volumePath" type: "object" required: - "name" type: "object" type: "array" additionalVolumeMounts: description: "Additional volumeMounts to add to the HiveMQ Containers." items: description: "VolumeMount describes a mounting of a Volume within\ \ a container." example: mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" properties: mountPath: description: "Path within the container at which the volume should\ \ be mounted. Must not contain ':'." type: "string" mountPropagation: description: "mountPropagation determines how mounts are propagated\ \ from the host to container and the other way around. When\ \ not set, MountPropagationNone is used. This field is beta\ \ in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: description: "Mounted read-only if true, read-write otherwise\ \ (false or unspecified). Defaults to false." type: "boolean" subPath: description: "Path within the volume from which the container's\ \ volume should be mounted. Defaults to \"\" (volume's root)." type: "string" subPathExpr: description: "Expanded path within the volume from which the container's\ \ volume should be mounted. Behaves similarly to SubPath but\ \ environment variable references $(VAR_NAME) are expanded using\ \ the container's environment. Defaults to \"\" (volume's root).\ \ SubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" - "name" type: "object" type: "array" topologySpreadConstraints: description: "TopologySpreadConstraints describes how a group of pods\ \ ought to spread across topology domains. Scheduler will schedule\ \ pods in a way which abides by the constraints. All topologySpreadConstraints\ \ are ANDed." items: description: "TopologySpreadConstraint specifies how to spread matching\ \ pods among the given topology." example: whenUnsatisfiable: "whenUnsatisfiable" maxSkew: 5 labelSelector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" topologyKey: "topologyKey" properties: labelSelector: description: "A label selector is a label query over a set of\ \ resources. The result of matchLabels and matchExpressions\ \ are ANDed. An empty label selector matches all objects. A\ \ null label selector matches no objects." example: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" properties: matchExpressions: description: "matchExpressions is a list of label selector\ \ requirements. The requirements are ANDed." items: description: "A label selector requirement is a selector\ \ that contains values, a key, and an operator that relates\ \ the key and values." example: values: - "values" - "values" key: "key" operator: "operator" properties: key: description: "key is the label key that the selector\ \ applies to." type: "string" operator: description: "operator represents a key's relationship\ \ to a set of values. Valid operators are In, NotIn,\ \ Exists and DoesNotExist." type: "string" values: description: "values is an array of string values. If\ \ the operator is In or NotIn, the values array must\ \ be non-empty. If the operator is Exists or DoesNotExist,\ \ the values array must be empty. This array is replaced\ \ during a strategic merge patch." items: type: "string" type: "array" required: - "key" - "operator" type: "object" type: "array" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A\ \ single {key,value} in the matchLabels map is equivalent\ \ to an element of matchExpressions, whose key field is\ \ \"key\", the operator is \"In\", and the values array\ \ contains only \"value\". The requirements are ANDed." type: "object" type: "object" maxSkew: description: "MaxSkew describes the degree to which pods may be\ \ unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,\ \ it is the maximum permitted difference between the number\ \ of matching pods in the target topology and the global minimum.\ \ For example, in a 3-zone cluster, MaxSkew is set to 1, and\ \ pods with the same labelSelector spread as 1/1/0: | zone1\ \ | zone2 | zone3 | | P | P | | - if MaxSkew is\ \ 1, incoming pod can only be scheduled to zone3 to become 1/1/1;\ \ scheduling it onto zone1(zone2) would make the ActualSkew(2-0)\ \ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming\ \ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,\ \ it is used to give higher precedence to topologies that satisfy\ \ it. It's a required field. Default value is 1 and 0 is not\ \ allowed." format: "int32" type: "integer" topologyKey: description: "TopologyKey is the key of node labels. Nodes that\ \ have a label with this key and identical values are considered\ \ to be in the same topology. We consider each \ \ as a \"bucket\", and try to put balanced number of pods into\ \ each bucket. It's a required field." type: "string" whenUnsatisfiable: description: "WhenUnsatisfiable indicates how to deal with a pod\ \ if it doesn't satisfy the spread constraint. - DoNotSchedule\ \ (default) tells the scheduler not to schedule it. - ScheduleAnyway\ \ tells the scheduler to schedule the pod in any location,\n\ \ but giving higher precedence to topologies that would help\ \ reduce the\n skew.\nA constraint is considered \"Unsatisfiable\"\ \ for an incoming pod if and only if every possible node assigment\ \ for that pod would violate \"MaxSkew\" on some topology. For\ \ example, in a 3-zone cluster, MaxSkew is set to 1, and pods\ \ with the same labelSelector spread as 3/1/1: | zone1 | zone2\ \ | zone3 | | P P P | P | P | If WhenUnsatisfiable is\ \ set to DoNotSchedule, incoming pod can only be scheduled to\ \ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on\ \ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster\ \ can still be imbalanced, but scheduler won't make it *more*\ \ imbalanced. It's a required field." type: "string" required: - "maxSkew" - "topologyKey" - "whenUnsatisfiable" type: "object" type: "array" volumeClaimTemplates: description: "Volume claim templates for the stateful set (if the controller\ \ is a STS)" items: description: "PersistentVolumeClaim is a user's request for and claim\ \ to a persistent volume" example: metadata: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" apiVersion: "apiVersion" kind: "kind" spec: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: apiVersion: description: "APIVersion defines the versioned schema of this\ \ representation of an object. Servers should convert recognized\ \ schemas to the latest internal value, and may reject unrecognized\ \ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: description: "Kind is a string value representing the REST resource\ \ this object represents. Servers may infer this from the endpoint\ \ the client submits requests to. Cannot be updated. In CamelCase.\ \ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: description: "ObjectMeta is metadata that all persisted resources\ \ must have, which includes all objects users must create." example: generation: 6 finalizers: - "finalizers" - "finalizers" resourceVersion: "resourceVersion" annotations: key: "annotations" generateName: "generateName" deletionTimestamp: "2000-01-23T04:56:07.000+00:00" labels: key: "labels" ownerReferences: - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true - uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true selfLink: "selfLink" deletionGracePeriodSeconds: 0 uid: "uid" managedFields: - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" - apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" clusterName: "clusterName" creationTimestamp: "2000-01-23T04:56:07.000+00:00" name: "name" namespace: "namespace" properties: annotations: additionalProperties: type: "string" description: "Annotations is an unstructured key value map\ \ stored with a resource that may be set by external tools\ \ to store and retrieve arbitrary metadata. They are not\ \ queryable and should be preserved when modifying objects.\ \ More info: http://kubernetes.io/docs/user-guide/annotations" type: "object" clusterName: description: "The name of the cluster which the object belongs\ \ to. This is used to distinguish resources with same name\ \ and namespace in different clusters. This field is not\ \ set anywhere right now and apiserver is going to ignore\ \ it if set in create or update request." type: "string" creationTimestamp: description: "CreationTimestamp is a timestamp representing\ \ the server time when this object was created. It is not\ \ guaranteed to be set in happens-before order across separate\ \ operations. Clients may not set this value. It is represented\ \ in RFC3339 form and is in UTC.\n\nPopulated by the system.\ \ Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" format: "date-time" type: "string" deletionGracePeriodSeconds: description: "Number of seconds allowed for this object to\ \ gracefully terminate before it will be removed from the\ \ system. Only set when deletionTimestamp is also set. May\ \ only be shortened. Read-only." format: "int64" type: "integer" deletionTimestamp: description: "DeletionTimestamp is RFC 3339 date and time\ \ at which this resource will be deleted. This field is\ \ set by the server when a graceful deletion is requested\ \ by the user, and is not directly settable by a client.\ \ The resource is expected to be deleted (no longer visible\ \ from resource lists, and not reachable by name) after\ \ the time in this field, once the finalizers list is empty.\ \ As long as the finalizers list contains items, deletion\ \ is blocked. Once the deletionTimestamp is set, this value\ \ may not be unset or be set further into the future, although\ \ it may be shortened or the resource may be deleted prior\ \ to this time. For example, a user may request that a pod\ \ is deleted in 30 seconds. The Kubelet will react by sending\ \ a graceful termination signal to the containers in the\ \ pod. After that 30 seconds, the Kubelet will send a hard\ \ termination signal (SIGKILL) to the container and after\ \ cleanup, remove the pod from the API. In the presence\ \ of network partitions, this object may still exist after\ \ this timestamp, until an administrator or automated process\ \ can determine the resource is fully terminated. If not\ \ set, graceful deletion of the object has not been requested.\n\ \nPopulated by the system when a graceful deletion is requested.\ \ Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" format: "date-time" type: "string" finalizers: description: "Must be empty before the object is deleted from\ \ the registry. Each entry is an identifier for the responsible\ \ component that will remove the entry from the list. If\ \ the deletionTimestamp of the object is non-nil, entries\ \ in this list can only be removed. Finalizers may be processed\ \ and removed in any order. Order is NOT enforced because\ \ it introduces significant risk of stuck finalizers. finalizers\ \ is a shared field, any actor with permission can reorder\ \ it. If the finalizer list is processed in order, then\ \ this can lead to a situation in which the component responsible\ \ for the first finalizer in the list is waiting for a signal\ \ (field value, external system, or other) produced by a\ \ component responsible for a finalizer later in the list,\ \ resulting in a deadlock. Without enforced ordering finalizers\ \ are free to order amongst themselves and are not vulnerable\ \ to ordering changes in the list." items: type: "string" type: "array" generateName: description: "GenerateName is an optional prefix, used by\ \ the server, to generate a unique name ONLY IF the Name\ \ field has not been provided. If this field is used, the\ \ name returned to the client will be different than the\ \ name passed. This value will also be combined with a unique\ \ suffix. The provided value has the same validation rules\ \ as the Name field, and may be truncated by the length\ \ of the suffix required to make the value unique on the\ \ server.\n\nIf this field is specified and the generated\ \ name exists, the server will NOT return a 409 - instead,\ \ it will either return 201 Created or 500 with Reason ServerTimeout\ \ indicating a unique name could not be found in the time\ \ allotted, and the client should retry (optionally after\ \ the time indicated in the Retry-After header).\n\nApplied\ \ only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" type: "string" generation: description: "A sequence number representing a specific generation\ \ of the desired state. Populated by the system. Read-only." format: "int64" type: "integer" labels: additionalProperties: type: "string" description: "Map of string keys and values that can be used\ \ to organize and categorize (scope and select) objects.\ \ May match selectors of replication controllers and services.\ \ More info: http://kubernetes.io/docs/user-guide/labels" type: "object" managedFields: description: "ManagedFields maps workflow-id and version to\ \ the set of fields that are managed by that workflow. This\ \ is mostly for internal housekeeping, and users typically\ \ shouldn't need to set or understand this field. A workflow\ \ can be the user's name, a controller's name, or the name\ \ of a specific apply path like \"ci-cd\". The set of fields\ \ is always in the version that the workflow used when modifying\ \ the object." items: description: "ManagedFieldsEntry is a workflow-id, a FieldSet\ \ and the group version of the resource that the fieldset\ \ applies to." example: apiVersion: "apiVersion" fieldsV1: "{}" manager: "manager" time: "2000-01-23T04:56:07.000+00:00" operation: "operation" fieldsType: "fieldsType" properties: apiVersion: description: "APIVersion defines the version of this\ \ resource that this field set applies to. The format\ \ is \"group/version\" just like the top-level APIVersion\ \ field. It is necessary to track the version of a\ \ field set because it cannot be automatically converted." type: "string" fieldsType: description: "FieldsType is the discriminator for the\ \ different fields format and version. There is currently\ \ only one possible value: \"FieldsV1\"" type: "string" fieldsV1: description: "FieldsV1 holds the first JSON version\ \ format as described in the \"FieldsV1\" type." type: "object" manager: description: "Manager is an identifier of the workflow\ \ managing these fields." type: "string" operation: description: "Operation is the type of operation which\ \ lead to this ManagedFieldsEntry being created. The\ \ only valid values for this field are 'Apply' and\ \ 'Update'." type: "string" time: description: "Time is timestamp of when these fields\ \ were set. It should always be empty if Operation\ \ is 'Apply'" format: "date-time" type: "string" type: "object" type: "array" name: description: "Name must be unique within a namespace. Is required\ \ when creating resources, although some resources may allow\ \ a client to request the generation of an appropriate name\ \ automatically. Name is primarily intended for creation\ \ idempotence and configuration definition. Cannot be updated.\ \ More info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" namespace: description: "Namespace defines the space within which each\ \ name must be unique. An empty namespace is equivalent\ \ to the \"default\" namespace, but \"default\" is the canonical\ \ representation. Not all objects are required to be scoped\ \ to a namespace - the value of this field for those objects\ \ will be empty.\n\nMust be a DNS_LABEL. Cannot be updated.\ \ More info: http://kubernetes.io/docs/user-guide/namespaces" type: "string" ownerReferences: description: "List of objects depended by this object. If\ \ ALL objects in the list have been deleted, this object\ \ will be garbage collected. If this object is managed by\ \ a controller, then an entry in this list will point to\ \ this controller, with the controller field set to true.\ \ There cannot be more than one managing controller." items: description: "OwnerReference contains enough information\ \ to let you identify an owning object. An owning object\ \ must be in the same namespace as the dependent, or be\ \ cluster-scoped, so there is no namespace field." example: uid: "uid" controller: true apiVersion: "apiVersion" kind: "kind" name: "name" blockOwnerDeletion: true properties: apiVersion: description: "API version of the referent." type: "string" blockOwnerDeletion: description: "If true, AND if the owner has the \"foregroundDeletion\"\ \ finalizer, then the owner cannot be deleted from\ \ the key-value store until this reference is removed.\ \ Defaults to false. To set this field, a user needs\ \ \"delete\" permission of the owner, otherwise 422\ \ (Unprocessable Entity) will be returned." type: "boolean" controller: description: "If true, this reference points to the\ \ managing controller." type: "boolean" kind: description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: description: "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" uid: description: "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" type: "string" required: - "apiVersion" - "kind" - "name" - "uid" type: "object" type: "array" resourceVersion: description: "An opaque value that represents the internal\ \ version of this object that can be used by clients to\ \ determine when objects have changed. May be used for optimistic\ \ concurrency, change detection, and the watch operation\ \ on a resource or set of resources. Clients must treat\ \ these values as opaque and passed unmodified back to the\ \ server. They may only be valid for a particular resource\ \ or set of resources.\n\nPopulated by the system. Read-only.\ \ Value must be treated as opaque by clients and . More\ \ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" selfLink: description: "SelfLink is a URL representing this object.\ \ Populated by the system. Read-only.\n\nDEPRECATED Kubernetes\ \ will stop propagating this field in 1.20 release and the\ \ field is planned to be removed in 1.21 release." type: "string" uid: description: "UID is the unique in time and space value for\ \ this object. It is typically generated by the server on\ \ successful creation of a resource and is not allowed to\ \ change on PUT operations.\n\nPopulated by the system.\ \ Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" type: "string" type: "object" spec: description: "PersistentVolumeClaimSpec describes the common attributes\ \ of storage devices and allows a Source for provider-specific\ \ attributes" example: storageClassName: "storageClassName" volumeName: "volumeName" resources: requests: {} limits: {} selector: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" accessModes: - "accessModes" - "accessModes" dataSource: apiGroup: "apiGroup" kind: "kind" name: "name" volumeMode: "volumeMode" properties: accessModes: description: "AccessModes contains the desired access modes\ \ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: description: "TypedLocalObjectReference contains enough information\ \ to let you locate the typed referenced object inside the\ \ same namespace." example: apiGroup: "apiGroup" kind: "kind" name: "name" properties: apiGroup: description: "APIGroup is the group for the resource being\ \ referenced. If APIGroup is not specified, the specified\ \ Kind must be in the core API group. For any other\ \ third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" type: "string" name: description: "Name is the name of resource being referenced" type: "string" required: - "kind" - "name" type: "object" resources: description: "ResourceRequirements describes the compute resource\ \ requirements." example: requests: {} limits: {} properties: limits: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that\ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | .\ \ | . ::= \"+\" | \"-\"\ \ ::= | \ \ ::= | \ \ | ::= Ki | Mi | Gi\ \ | Ti | Pi | Ei\n (International System of units;\ \ See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P\ \ | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n ::=\ \ \"e\" | \"E\" \n\n\ No matter which of the three exponent forms is used,\ \ no quantity may represent a number greater than\ \ 2^63-1 in magnitude, nor may it have more than 3\ \ decimal places. Numbers larger or more precise will\ \ be capped or rounded up. (E.g.: 0.1m will rounded\ \ up to 1m.) This may be extended in the future if\ \ we require larger or smaller quantities.\n\nWhen\ \ a Quantity is parsed from a string, it will remember\ \ the type of suffix it had, and will use the same\ \ type again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\". This\ \ means that Exponent/suffix will be adjusted up or\ \ down (with a corresponding increase or decrease\ \ in Mantissa) such that:\n a. No precision is lost\n\ \ b. No fractional digits will be emitted\n c. The\ \ exponent (or suffix) is as large as possible.\n\ The sign will be omitted unless the number is negative.\n\ \nExamples:\n 1.5 will be serialized as \"1500m\"\ \n 1.5Gi will be serialized as \"1536Mi\"\n\nNote\ \ that the quantity will NEVER be internally represented\ \ by a floating point number. That is the whole point\ \ of this exercise.\n\nNon-canonical values will still\ \ parse as long as they are well formed, but will\ \ be re-emitted in their canonical form. (So always\ \ use canonical form, or don't diff.)\n\nThis format\ \ is intended to make it difficult to use these numbers\ \ without writing some sort of special handling code\ \ in the hopes that that will cause implementors to\ \ also use a fixed point implementation." format: "quantity" type: "string" description: "Limits describes the maximum amount of compute\ \ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" requests: additionalProperties: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that\ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | .\ \ | . ::= \"+\" | \"-\"\ \ ::= | \ \ ::= | \ \ | ::= Ki | Mi | Gi\ \ | Ti | Pi | Ei\n (International System of units;\ \ See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P\ \ | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n ::=\ \ \"e\" | \"E\" \n\n\ No matter which of the three exponent forms is used,\ \ no quantity may represent a number greater than\ \ 2^63-1 in magnitude, nor may it have more than 3\ \ decimal places. Numbers larger or more precise will\ \ be capped or rounded up. (E.g.: 0.1m will rounded\ \ up to 1m.) This may be extended in the future if\ \ we require larger or smaller quantities.\n\nWhen\ \ a Quantity is parsed from a string, it will remember\ \ the type of suffix it had, and will use the same\ \ type again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\". This\ \ means that Exponent/suffix will be adjusted up or\ \ down (with a corresponding increase or decrease\ \ in Mantissa) such that:\n a. No precision is lost\n\ \ b. No fractional digits will be emitted\n c. The\ \ exponent (or suffix) is as large as possible.\n\ The sign will be omitted unless the number is negative.\n\ \nExamples:\n 1.5 will be serialized as \"1500m\"\ \n 1.5Gi will be serialized as \"1536Mi\"\n\nNote\ \ that the quantity will NEVER be internally represented\ \ by a floating point number. That is the whole point\ \ of this exercise.\n\nNon-canonical values will still\ \ parse as long as they are well formed, but will\ \ be re-emitted in their canonical form. (So always\ \ use canonical form, or don't diff.)\n\nThis format\ \ is intended to make it difficult to use these numbers\ \ without writing some sort of special handling code\ \ in the hopes that that will cause implementors to\ \ also use a fixed point implementation." format: "quantity" type: "string" description: "Requests describes the minimum amount of\ \ compute resources required. If Requests is omitted\ \ for a container, it defaults to Limits if that is\ \ explicitly specified, otherwise to an implementation-defined\ \ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" type: "object" selector: description: "A label selector is a label query over a set\ \ of resources. The result of matchLabels and matchExpressions\ \ are ANDed. An empty label selector matches all objects.\ \ A null label selector matches no objects." example: matchExpressions: - values: - "values" - "values" key: "key" operator: "operator" - values: - "values" - "values" key: "key" operator: "operator" matchLabels: key: "matchLabels" properties: matchExpressions: description: "matchExpressions is a list of label selector\ \ requirements. The requirements are ANDed." items: description: "A label selector requirement is a selector\ \ that contains values, a key, and an operator that\ \ relates the key and values." example: values: - "values" - "values" key: "key" operator: "operator" properties: key: description: "key is the label key that the selector\ \ applies to." type: "string" operator: description: "operator represents a key's relationship\ \ to a set of values. Valid operators are In,\ \ NotIn, Exists and DoesNotExist." type: "string" values: description: "values is an array of string values.\ \ If the operator is In or NotIn, the values array\ \ must be non-empty. If the operator is Exists\ \ or DoesNotExist, the values array must be empty.\ \ This array is replaced during a strategic merge\ \ patch." items: type: "string" type: "array" required: - "key" - "operator" type: "object" type: "array" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs.\ \ A single {key,value} in the matchLabels map is equivalent\ \ to an element of matchExpressions, whose key field\ \ is \"key\", the operator is \"In\", and the values\ \ array contains only \"value\". The requirements are\ \ ANDed." type: "object" type: "object" storageClassName: description: "Name of the StorageClass required by the claim.\ \ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: description: "volumeMode defines what type of volume is required\ \ by the claim. Value of Filesystem is implied when not\ \ included in claim spec." type: "string" volumeName: description: "VolumeName is the binding reference to the PersistentVolume\ \ backing this claim." type: "string" type: "object" type: "object" type: "array" hivemqVersion: description: "Version of HiveMQ to deploy, when using the official image.\ \ When using a custom image, this corresponds to the image tag used." type: "string" javaOptions: description: "JAVA_OPTS to pass to the HiveMQ JVM" type: "string" configOverride: description: "Override the default template for the HiveMQ config.xml.\ \ Note that modifying this may lead to other fields in this schema\ \ not taking effect anymore." type: "string" listenerConfiguration: description: "The MQTT listener configuration below the \ \ tag. Add all your desired listeners here." type: "string" restApiConfiguration: description: "The REST API configuration. Ignored for versions <4.4.0" type: "string" logLevel: description: "HiveMQ root logger level. Only INFO and above is allowed\ \ for now." enum: - "INFO" - "DEBUG" - "TRACE" type: "string" labels: additionalProperties: type: "string" description: "Labels for the cluster" type: "object" sidecars: description: "Sidecar containers to run alongside HiveMQ" items: description: "A single application container that you want to run\ \ within a pod." example: volumeDevices: - devicePath: "devicePath" name: "name" - devicePath: "devicePath" name: "name" image: "image" imagePullPolicy: "imagePullPolicy" livenessProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" stdin: true terminationMessagePolicy: "terminationMessagePolicy" terminationMessagePath: "terminationMessagePath" workingDir: "workingDir" resources: requests: {} limits: {} securityContext: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true startupProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" env: - name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" ports: - protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 - protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 command: - "command" - "command" volumeMounts: - mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" - mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" args: - "args" - "args" lifecycle: postStart: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" preStop: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" name: "name" tty: true readinessProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" stdinOnce: true envFrom: - configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true - configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true properties: args: description: "Arguments to the entrypoint. The docker image's\ \ CMD is used if this is not provided. Variable references $(VAR_NAME)\ \ are expanded using the container's environment. If a variable\ \ cannot be resolved, the reference in the input string will\ \ be unchanged. The $(VAR_NAME) syntax can be escaped with a\ \ double $$, ie: $$(VAR_NAME). Escaped references will never\ \ be expanded, regardless of whether the variable exists or\ \ not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: description: "Entrypoint array. Not executed within a shell. The\ \ docker image's ENTRYPOINT is used if this is not provided.\ \ Variable references $(VAR_NAME) are expanded using the container's\ \ environment. If a variable cannot be resolved, the reference\ \ in the input string will be unchanged. The $(VAR_NAME) syntax\ \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ \ references will never be expanded, regardless of whether the\ \ variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: description: "List of environment variables to set in the container.\ \ Cannot be updated." items: description: "EnvVar represents an environment variable present\ \ in a Container." example: name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: name: description: "Name of the environment variable. Must be\ \ a C_IDENTIFIER." type: "string" value: description: "Variable references $(VAR_NAME) are expanded\ \ using the previous defined environment variables in\ \ the container and any service environment variables.\ \ If a variable cannot be resolved, the reference in the\ \ input string will be unchanged. The $(VAR_NAME) syntax\ \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ \ references will never be expanded, regardless of whether\ \ the variable exists or not. Defaults to \"\"." type: "string" valueFrom: description: "EnvVarSource represents a source for the value\ \ of an EnvVar." example: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: configMapKeyRef: description: "Selects a key from a ConfigMap." example: name: "name" optional: true key: "key" properties: key: description: "The key to select." type: "string" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its\ \ key must be defined" type: "boolean" required: - "key" type: "object" fieldRef: description: "ObjectFieldSelector selects an APIVersioned\ \ field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the FieldPath\ \ is written in terms of, defaults to \"v1\"." type: "string" fieldPath: description: "Path of the field to select in the\ \ specified API version." type: "string" required: - "fieldPath" type: "object" resourceFieldRef: description: "ResourceFieldSelector represents container\ \ resources (cpu, memory) and their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required for volumes,\ \ optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and\ \ AsInt64() accessors.\n\nThe serialization format\ \ is:\n\n ::= \n\ \ (Note that may be empty, from the\ \ \"\" case in .)\n \ \ ::= 0 | 1 | ... | 9 ::=\ \ | \ \ ::= | . | .\ \ | . ::= \"+\" | \"\ -\" ::= | \ \ ::= | \ \ | ::= Ki | Mi\ \ | Gi | Ti | Pi | Ei\n (International System\ \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T\ \ | P | E\n (Note that 1024 = 1Ki but 1000 =\ \ 1k; I didn't choose the capitalization.)\n\ \ ::= \"e\" | \"E\" \n\ \nNo matter which of the three exponent forms\ \ is used, no quantity may represent a number\ \ greater than 2^63-1 in magnitude, nor may it\ \ have more than 3 decimal places. Numbers larger\ \ or more precise will be capped or rounded up.\ \ (E.g.: 0.1m will rounded up to 1m.) This may\ \ be extended in the future if we require larger\ \ or smaller quantities.\n\nWhen a Quantity is\ \ parsed from a string, it will remember the type\ \ of suffix it had, and will use the same type\ \ again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\".\ \ This means that Exponent/suffix will be adjusted\ \ up or down (with a corresponding increase or\ \ decrease in Mantissa) such that:\n a. No precision\ \ is lost\n b. No fractional digits will be emitted\n\ \ c. The exponent (or suffix) is as large as\ \ possible.\nThe sign will be omitted unless the\ \ number is negative.\n\nExamples:\n 1.5 will\ \ be serialized as \"1500m\"\n 1.5Gi will be\ \ serialized as \"1536Mi\"\n\nNote that the quantity\ \ will NEVER be internally represented by a floating\ \ point number. That is the whole point of this\ \ exercise.\n\nNon-canonical values will still\ \ parse as long as they are well formed, but will\ \ be re-emitted in their canonical form. (So always\ \ use canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult to use\ \ these numbers without writing some sort of special\ \ handling code in the hopes that that will cause\ \ implementors to also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" secretKeyRef: description: "SecretKeySelector selects a key of a Secret." example: name: "name" optional: true key: "key" properties: key: description: "The key of the secret to select from.\ \ Must be a valid secret key." type: "string" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its\ \ key must be defined" type: "boolean" required: - "key" type: "object" type: "object" required: - "name" type: "object" type: "array" envFrom: description: "List of sources to populate environment variables\ \ in the container. The keys defined within a source must be\ \ a C_IDENTIFIER. All invalid keys will be reported as an event\ \ when the container is starting. When a key exists in multiple\ \ sources, the value associated with the last source will take\ \ precedence. Values defined by an Env with a duplicate key\ \ will take precedence. Cannot be updated." items: description: "EnvFromSource represents the source of a set of\ \ ConfigMaps" example: configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true properties: configMapRef: description: "ConfigMapEnvSource selects a ConfigMap to\ \ populate the environment variables with.\n\nThe contents\ \ of the target ConfigMap's Data field will represent\ \ the key-value pairs as environment variables." example: name: "name" optional: true properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be\ \ defined" type: "boolean" type: "object" prefix: description: "An optional identifier to prepend to each\ \ key in the ConfigMap. Must be a C_IDENTIFIER." type: "string" secretRef: description: "SecretEnvSource selects a Secret to populate\ \ the environment variables with.\n\nThe contents of the\ \ target Secret's Data field will represent the key-value\ \ pairs as environment variables." example: name: "name" optional: true properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" type: "boolean" type: "object" type: "object" type: "array" image: description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images\ \ This field is optional to allow higher level config management\ \ to default or override container images in workload controllers\ \ like Deployments and StatefulSets." type: "string" imagePullPolicy: description: "Image pull policy. One of Always, Never, IfNotPresent.\ \ Defaults to Always if :latest tag is specified, or IfNotPresent\ \ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: description: "Lifecycle describes actions that the management\ \ system should take in response to container lifecycle events.\ \ For the PostStart and PreStop lifecycle handlers, management\ \ of the container blocks until the action is complete, unless\ \ the container process fails, in which case the handler is\ \ aborted." example: postStart: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" preStop: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: postStart: description: "Handler defines a specific action that should\ \ be taken" example: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's\ \ filesystem. The command is simply exec'd, it is\ \ not run inside a shell, so traditional shell instructions\ \ ('|', etc) won't work. To use a shell, you need\ \ to explicitly call out to that shell. Exit status\ \ of 0 is treated as live/healthy and non-zero is\ \ unhealthy." items: type: "string" type: "array" type: "object" httpGet: description: "HTTPGetAction describes an action based\ \ on HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to\ \ the pod IP. You probably want to set \"Host\"\ \ in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or YAML\ \ marshalling and unmarshalling, it produces or\ \ consumes the inner type. This allows you to have,\ \ for example, a JSON field that can accept a name\ \ or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the\ \ host. Defaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or YAML\ \ marshalling and unmarshalling, it produces or\ \ consumes the inner type. This allows you to have,\ \ for example, a JSON field that can accept a name\ \ or number." format: "int-or-string" type: "string" required: - "port" type: "object" type: "object" preStop: description: "Handler defines a specific action that should\ \ be taken" example: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's\ \ filesystem. The command is simply exec'd, it is\ \ not run inside a shell, so traditional shell instructions\ \ ('|', etc) won't work. To use a shell, you need\ \ to explicitly call out to that shell. Exit status\ \ of 0 is treated as live/healthy and non-zero is\ \ unhealthy." items: type: "string" type: "array" type: "object" httpGet: description: "HTTPGetAction describes an action based\ \ on HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to\ \ the pod IP. You probably want to set \"Host\"\ \ in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or YAML\ \ marshalling and unmarshalling, it produces or\ \ consumes the inner type. This allows you to have,\ \ for example, a JSON field that can accept a name\ \ or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the\ \ host. Defaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or YAML\ \ marshalling and unmarshalling, it produces or\ \ consumes the inner type. This allows you to have,\ \ for example, a JSON field that can accept a name\ \ or number." format: "int-or-string" type: "string" required: - "port" type: "object" type: "object" type: "object" livenessProbe: description: "Probe describes a health check to be performed against\ \ a container to determine whether it is alive or ready to receive\ \ traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute inside\ \ the container, the working directory for the command\ \ is root ('/') in the container's filesystem. The\ \ command is simply exec'd, it is not run inside a shell,\ \ so traditional shell instructions ('|', etc) won't\ \ work. To use a shell, you need to explicitly call\ \ out to that shell. Exit status of 0 is treated as\ \ live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to\ \ be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on HTTP\ \ Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP\ \ allows repeated headers." items: description: "HTTPHeader describes a custom header to\ \ be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has started\ \ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based on\ \ opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: description: "Name of the container specified as a DNS_LABEL.\ \ Each container in a pod must have a unique name (DNS_LABEL).\ \ Cannot be updated." type: "string" ports: description: "List of ports to expose from the container. Exposing\ \ a port here gives the system additional information about\ \ the network connections a container uses, but is primarily\ \ informational. Not specifying a port here DOES NOT prevent\ \ that port from being exposed. Any port which is listening\ \ on the default \"0.0.0.0\" address inside a container will\ \ be accessible from the network. Cannot be updated." items: description: "ContainerPort represents a network port in a single\ \ container." example: protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 properties: containerPort: description: "Number of port to expose on the pod's IP address.\ \ This must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: description: "Number of port to expose on the host. If specified,\ \ this must be a valid port number, 0 < x < 65536. If\ \ HostNetwork is specified, this must match ContainerPort.\ \ Most containers do not need this." format: "int32" type: "integer" name: description: "If specified, this must be an IANA_SVC_NAME\ \ and unique within the pod. Each named port in a pod\ \ must have a unique name. Name for the port that can\ \ be referred to by services." type: "string" protocol: description: "Protocol for port. Must be UDP, TCP, or SCTP.\ \ Defaults to \"TCP\"." type: "string" required: - "containerPort" - "protocol" type: "object" type: "array" x-kubernetes-list-map-keys: - "containerPort" - "protocol" x-kubernetes-list-type: "map" readinessProbe: description: "Probe describes a health check to be performed against\ \ a container to determine whether it is alive or ready to receive\ \ traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute inside\ \ the container, the working directory for the command\ \ is root ('/') in the container's filesystem. The\ \ command is simply exec'd, it is not run inside a shell,\ \ so traditional shell instructions ('|', etc) won't\ \ work. To use a shell, you need to explicitly call\ \ out to that shell. Exit status of 0 is treated as\ \ live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to\ \ be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on HTTP\ \ Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP\ \ allows repeated headers." items: description: "HTTPHeader describes a custom header to\ \ be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has started\ \ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based on\ \ opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" resources: description: "ResourceRequirements describes the compute resource\ \ requirements." example: requests: {} limits: {} properties: limits: additionalProperties: description: "Quantity is a fixed-point representation of\ \ a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | ::=\ \ | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | ::=\ \ | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P | E\n\ \ (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose\ \ the capitalization.)\n ::= \"e\" \ \ | \"E\" \n\nNo matter which of the three\ \ exponent forms is used, no quantity may represent a\ \ number greater than 2^63-1 in magnitude, nor may it\ \ have more than 3 decimal places. Numbers larger or more\ \ precise will be capped or rounded up. (E.g.: 0.1m will\ \ rounded up to 1m.) This may be extended in the future\ \ if we require larger or smaller quantities.\n\nWhen\ \ a Quantity is parsed from a string, it will remember\ \ the type of suffix it had, and will use the same type\ \ again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted up or down (with\ \ a corresponding increase or decrease in Mantissa) such\ \ that:\n a. No precision is lost\n b. No fractional\ \ digits will be emitted\n c. The exponent (or suffix)\ \ is as large as possible.\nThe sign will be omitted unless\ \ the number is negative.\n\nExamples:\n 1.5 will be\ \ serialized as \"1500m\"\n 1.5Gi will be serialized\ \ as \"1536Mi\"\n\nNote that the quantity will NEVER be\ \ internally represented by a floating point number. That\ \ is the whole point of this exercise.\n\nNon-canonical\ \ values will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis format\ \ is intended to make it difficult to use these numbers\ \ without writing some sort of special handling code in\ \ the hopes that that will cause implementors to also\ \ use a fixed point implementation." format: "quantity" type: "string" description: "Limits describes the maximum amount of compute\ \ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" requests: additionalProperties: description: "Quantity is a fixed-point representation of\ \ a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | ::=\ \ | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | ::=\ \ | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P | E\n\ \ (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose\ \ the capitalization.)\n ::= \"e\" \ \ | \"E\" \n\nNo matter which of the three\ \ exponent forms is used, no quantity may represent a\ \ number greater than 2^63-1 in magnitude, nor may it\ \ have more than 3 decimal places. Numbers larger or more\ \ precise will be capped or rounded up. (E.g.: 0.1m will\ \ rounded up to 1m.) This may be extended in the future\ \ if we require larger or smaller quantities.\n\nWhen\ \ a Quantity is parsed from a string, it will remember\ \ the type of suffix it had, and will use the same type\ \ again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted up or down (with\ \ a corresponding increase or decrease in Mantissa) such\ \ that:\n a. No precision is lost\n b. No fractional\ \ digits will be emitted\n c. The exponent (or suffix)\ \ is as large as possible.\nThe sign will be omitted unless\ \ the number is negative.\n\nExamples:\n 1.5 will be\ \ serialized as \"1500m\"\n 1.5Gi will be serialized\ \ as \"1536Mi\"\n\nNote that the quantity will NEVER be\ \ internally represented by a floating point number. That\ \ is the whole point of this exercise.\n\nNon-canonical\ \ values will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis format\ \ is intended to make it difficult to use these numbers\ \ without writing some sort of special handling code in\ \ the hopes that that will cause implementors to also\ \ use a fixed point implementation." format: "quantity" type: "string" description: "Requests describes the minimum amount of compute\ \ resources required. If Requests is omitted for a container,\ \ it defaults to Limits if that is explicitly specified,\ \ otherwise to an implementation-defined value. More info:\ \ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" type: "object" securityContext: description: "SecurityContext holds security configuration that\ \ will be applied to a container. Some fields are present in\ \ both SecurityContext and PodSecurityContext. When both are\ \ set, the values in SecurityContext take precedence." example: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true properties: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a\ \ process can gain more privileges than its parent process.\ \ This bool directly controls if the no_new_privs flag will\ \ be set on the container process. AllowPrivilegeEscalation\ \ is true always when the container is: 1) run as Privileged\ \ 2) has CAP_SYS_ADMIN" type: "boolean" capabilities: description: "Adds and removes POSIX capabilities from running\ \ containers." example: add: - "add" - "add" drop: - "drop" - "drop" properties: add: description: "Added capabilities" items: type: "string" type: "array" drop: description: "Removed capabilities" items: type: "string" type: "array" type: "object" privileged: description: "Run container in privileged mode. Processes\ \ in privileged containers are essentially equivalent to\ \ root on the host. Defaults to false." type: "boolean" procMount: description: "procMount denotes the type of proc mount to\ \ use for the containers. The default is DefaultProcMount\ \ which uses the container runtime defaults for readonly\ \ paths and masked paths. This requires the ProcMountType\ \ feature flag to be enabled." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root\ \ filesystem. Default is false." type: "boolean" runAsGroup: description: "The GID to run the entrypoint of the container\ \ process. Uses runtime default if unset. May also be set\ \ in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." format: "int64" type: "integer" runAsNonRoot: description: "Indicates that the container must run as a non-root\ \ user. If true, the Kubelet will validate the image at\ \ runtime to ensure that it does not run as UID 0 (root)\ \ and fail to start the container if it does. If unset or\ \ false, no such validation will be performed. May also\ \ be set in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." type: "boolean" runAsUser: description: "The UID to run the entrypoint of the container\ \ process. Defaults to user specified in image metadata\ \ if unspecified. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext,\ \ the value specified in SecurityContext takes precedence." format: "int64" type: "integer" seLinuxOptions: description: "SELinuxOptions are the labels to be applied\ \ to the container" example: role: "role" level: "level" type: "type" user: "user" properties: level: description: "Level is SELinux level label that applies\ \ to the container." type: "string" role: description: "Role is a SELinux role label that applies\ \ to the container." type: "string" type: description: "Type is a SELinux type label that applies\ \ to the container." type: "string" user: description: "User is a SELinux user label that applies\ \ to the container." type: "string" type: "object" seccompProfile: description: "SeccompProfile defines a pod/container's seccomp\ \ profile settings. Only one profile source may be set." example: localhostProfile: "localhostProfile" type: "type" properties: localhostProfile: description: "localhostProfile indicates a profile defined\ \ in a file on the node should be used. The profile\ \ must be preconfigured on the node to work. Must be\ \ a descending path, relative to the kubelet's configured\ \ seccomp profile location. Must only be set if type\ \ is \"Localhost\"." type: "string" type: description: "type indicates which kind of seccomp profile\ \ will be applied. Valid options are:\n\nLocalhost -\ \ a profile defined in a file on the node should be\ \ used. RuntimeDefault - the container runtime default\ \ profile should be used. Unconfined - no profile should\ \ be applied." type: "string" required: - "type" type: "object" windowsOptions: description: "WindowsSecurityContextOptions contain Windows-specific\ \ options and credentials." example: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" properties: gmsaCredentialSpec: description: "GMSACredentialSpec is where the GMSA admission\ \ webhook (https://github.com/kubernetes-sigs/windows-gmsa)\ \ inlines the contents of the GMSA credential spec named\ \ by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the\ \ GMSA credential spec to use." type: "string" runAsUserName: description: "The UserName in Windows to run the entrypoint\ \ of the container process. Defaults to the user specified\ \ in image metadata if unspecified. May also be set\ \ in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." type: "string" type: "object" type: "object" startupProbe: description: "Probe describes a health check to be performed against\ \ a container to determine whether it is alive or ready to receive\ \ traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute inside\ \ the container, the working directory for the command\ \ is root ('/') in the container's filesystem. The\ \ command is simply exec'd, it is not run inside a shell,\ \ so traditional shell instructions ('|', etc) won't\ \ work. To use a shell, you need to explicitly call\ \ out to that shell. Exit status of 0 is treated as\ \ live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to\ \ be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on HTTP\ \ Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP\ \ allows repeated headers." items: description: "HTTPHeader describes a custom header to\ \ be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has started\ \ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based on\ \ opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: description: "Whether this container should allocate a buffer\ \ for stdin in the container runtime. If this is not set, reads\ \ from stdin in the container will always result in EOF. Default\ \ is false." type: "boolean" stdinOnce: description: "Whether the container runtime should close the stdin\ \ channel after it has been opened by a single attach. When\ \ stdin is true the stdin stream will remain open across multiple\ \ attach sessions. If stdinOnce is set to true, stdin is opened\ \ on container start, is empty until the first client attaches\ \ to stdin, and then remains open and accepts data until the\ \ client disconnects, at which time stdin is closed and remains\ \ closed until the container is restarted. If this flag is false,\ \ a container processes that reads from stdin will never receive\ \ an EOF. Default is false" type: "boolean" terminationMessagePath: description: "Optional: Path at which the file to which the container's\ \ termination message will be written is mounted into the container's\ \ filesystem. Message written is intended to be brief final\ \ status, such as an assertion failure message. Will be truncated\ \ by the node if greater than 4096 bytes. The total message\ \ length across all containers will be limited to 12kb. Defaults\ \ to /dev/termination-log. Cannot be updated." type: "string" terminationMessagePolicy: description: "Indicate how the termination message should be populated.\ \ File will use the contents of terminationMessagePath to populate\ \ the container status message on both success and failure.\ \ FallbackToLogsOnError will use the last chunk of container\ \ log output if the termination message file is empty and the\ \ container exited with an error. The log output is limited\ \ to 2048 bytes or 80 lines, whichever is smaller. Defaults\ \ to File. Cannot be updated." type: "string" tty: description: "Whether this container should allocate a TTY for\ \ itself, also requires 'stdin' to be true. Default is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be\ \ used by the container." items: description: "volumeDevice describes a mapping of a raw block\ \ device within a container." example: devicePath: "devicePath" name: "name" properties: devicePath: description: "devicePath is the path inside of the container\ \ that the device will be mapped to." type: "string" name: description: "name must match the name of a persistentVolumeClaim\ \ in the pod" type: "string" required: - "devicePath" - "name" type: "object" type: "array" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\ \ Cannot be updated." items: description: "VolumeMount describes a mounting of a Volume within\ \ a container." example: mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" properties: mountPath: description: "Path within the container at which the volume\ \ should be mounted. Must not contain ':'." type: "string" mountPropagation: description: "mountPropagation determines how mounts are\ \ propagated from the host to container and the other\ \ way around. When not set, MountPropagationNone is used.\ \ This field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: description: "Mounted read-only if true, read-write otherwise\ \ (false or unspecified). Defaults to false." type: "boolean" subPath: description: "Path within the volume from which the container's\ \ volume should be mounted. Defaults to \"\" (volume's\ \ root)." type: "string" subPathExpr: description: "Expanded path within the volume from which\ \ the container's volume should be mounted. Behaves similarly\ \ to SubPath but environment variable references $(VAR_NAME)\ \ are expanded using the container's environment. Defaults\ \ to \"\" (volume's root). SubPathExpr and SubPath are\ \ mutually exclusive." type: "string" required: - "mountPath" - "name" type: "object" type: "array" workingDir: description: "Container's working directory. If not specified,\ \ the container runtime's default will be used, which might\ \ be configured in the container image. Cannot be updated." type: "string" required: - "name" type: "object" type: "array" env: description: "Additional environment variables for the cluster" items: description: "EnvVar represents an environment variable present in\ \ a Container." example: name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: name: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: description: "Variable references $(VAR_NAME) are expanded using\ \ the previous defined environment variables in the container\ \ and any service environment variables. If a variable cannot\ \ be resolved, the reference in the input string will be unchanged.\ \ The $(VAR_NAME) syntax can be escaped with a double $$, ie:\ \ $$(VAR_NAME). Escaped references will never be expanded, regardless\ \ of whether the variable exists or not. Defaults to \"\"." type: "string" valueFrom: description: "EnvVarSource represents a source for the value of\ \ an EnvVar." example: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: configMapKeyRef: description: "Selects a key from a ConfigMap." example: name: "name" optional: true key: "key" properties: key: description: "The key to select." type: "string" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key\ \ must be defined" type: "boolean" required: - "key" type: "object" fieldRef: description: "ObjectFieldSelector selects an APIVersioned\ \ field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the FieldPath is written\ \ in terms of, defaults to \"v1\"." type: "string" fieldPath: description: "Path of the field to select in the specified\ \ API version." type: "string" required: - "fieldPath" type: "object" resourceFieldRef: description: "ResourceFieldSelector represents container resources\ \ (cpu, memory) and their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required for volumes, optional\ \ for env vars" type: "string" divisor: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | \ \ ::= | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | \ \ ::= | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P |\ \ E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't\ \ choose the capitalization.)\n ::=\ \ \"e\" | \"E\" \n\nNo\ \ matter which of the three exponent forms is used,\ \ no quantity may represent a number greater than 2^63-1\ \ in magnitude, nor may it have more than 3 decimal\ \ places. Numbers larger or more precise will be capped\ \ or rounded up. (E.g.: 0.1m will rounded up to 1m.)\ \ This may be extended in the future if we require larger\ \ or smaller quantities.\n\nWhen a Quantity is parsed\ \ from a string, it will remember the type of suffix\ \ it had, and will use the same type again when it is\ \ serialized.\n\nBefore serializing, Quantity will be\ \ put in \"canonical form\". This means that Exponent/suffix\ \ will be adjusted up or down (with a corresponding\ \ increase or decrease in Mantissa) such that:\n a.\ \ No precision is lost\n b. No fractional digits will\ \ be emitted\n c. The exponent (or suffix) is as large\ \ as possible.\nThe sign will be omitted unless the\ \ number is negative.\n\nExamples:\n 1.5 will be serialized\ \ as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\ \n\nNote that the quantity will NEVER be internally\ \ represented by a floating point number. That is the\ \ whole point of this exercise.\n\nNon-canonical values\ \ will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult to use these\ \ numbers without writing some sort of special handling\ \ code in the hopes that that will cause implementors\ \ to also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" secretKeyRef: description: "SecretKeySelector selects a key of a Secret." example: name: "name" optional: true key: "key" properties: key: description: "The key of the secret to select from. Must\ \ be a valid secret key." type: "string" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must\ \ be defined" type: "boolean" required: - "key" type: "object" type: "object" required: - "name" type: "object" type: "array" configMaps: description: "Hot-reloadable config map or statically mapped configuration" items: properties: name: type: "string" path: description: "Target path at which to mount/place this configuration.\ \ Can be 'none' to only define as volume, to use the ConfigMap\ \ for sidecars." type: "string" static: description: "Whether this configuration must lead to a restart\ \ of the broker (true) or can be re-loaded at run-time (false)" type: "boolean" required: - "name" - "path" type: "object" type: "array" extensions: description: "Description of all extensions and their (desired) states" items: properties: name: description: "Unique, descriptive name for the extension folder" type: "string" enabled: description: "Whether this extension should be enabled" type: "boolean" configMap: description: "ConfigMap that contains configuration files for\ \ this extension" type: "string" static: description: "Whether configuration changes should lead to a rolling\ \ disable/enable instead of hot-reload" type: "boolean" extensionUri: description: "HTTP URI to download the extension from (as .zip\ \ distribution). Set to 'preinstalled' if the extension to be\ \ managed is statically built into the container." type: "string" offline: description: "Whether the individual HiveMQ nodes being updated\ \ with a new extension version should be taken offline (i.e.\ \ removed from load-balancers) during the update" type: "boolean" initialization: description: "Initialization script to run when installing this\ \ extension. This will be executed with the working directory\ \ as the extension folder. Must be idempotent as it will be\ \ run on every update as well." type: "string" updateStrategy: description: "In what manner to perform extension updates" enum: - "serial" - "parallel" type: "string" required: - "name" type: "object" type: "array" podSecurityContext: description: "PodSecurityContext holds pod-level security attributes\ \ and common container settings. Some fields are also present in container.securityContext.\ \ Field values of container.securityContext take precedence over\ \ field values of PodSecurityContext." example: runAsUser: 6 seLinuxOptions: role: "role" level: "level" type: "type" user: "user" fsGroup: 1 seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" fsGroupChangePolicy: "fsGroupChangePolicy" supplementalGroups: - 7 - 7 runAsGroup: 1 runAsNonRoot: true sysctls: - name: "name" value: "value" - name: "name" value: "value" properties: fsGroup: description: "A special supplemental group that applies to all containers\ \ in a pod. Some volume types allow the Kubelet to change the\ \ ownership of that volume to be owned by the pod:\n\n1. The owning\ \ GID will be the FSGroup 2. The setgid bit is set (new files\ \ created in the volume will be owned by FSGroup) 3. The permission\ \ bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not\ \ modify the ownership and permissions of any volume." format: "int64" type: "integer" fsGroupChangePolicy: description: "fsGroupChangePolicy defines behavior of changing ownership\ \ and permission of the volume before being exposed inside Pod.\ \ This field will only apply to volume types which support fsGroup\ \ based ownership(and permissions). It will have no effect on\ \ ephemeral volume types such as: secret, configmaps and emptydir.\ \ Valid values are \"OnRootMismatch\" and \"Always\". If not specified\ \ defaults to \"Always\"." type: "string" runAsGroup: description: "The GID to run the entrypoint of the container process.\ \ Uses runtime default if unset. May also be set in SecurityContext.\ \ If set in both SecurityContext and PodSecurityContext, the\ \ value specified in SecurityContext takes precedence for that\ \ container." format: "int64" type: "integer" runAsNonRoot: description: "Indicates that the container must run as a non-root\ \ user. If true, the Kubelet will validate the image at runtime\ \ to ensure that it does not run as UID 0 (root) and fail to start\ \ the container if it does. If unset or false, no such validation\ \ will be performed. May also be set in SecurityContext. If set\ \ in both SecurityContext and PodSecurityContext, the value specified\ \ in SecurityContext takes precedence." type: "boolean" runAsUser: description: "The UID to run the entrypoint of the container process.\ \ Defaults to user specified in image metadata if unspecified.\ \ May also be set in SecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence for that container." format: "int64" type: "integer" seLinuxOptions: description: "SELinuxOptions are the labels to be applied to the\ \ container" example: role: "role" level: "level" type: "type" user: "user" properties: level: description: "Level is SELinux level label that applies to the\ \ container." type: "string" role: description: "Role is a SELinux role label that applies to the\ \ container." type: "string" type: description: "Type is a SELinux type label that applies to the\ \ container." type: "string" user: description: "User is a SELinux user label that applies to the\ \ container." type: "string" type: "object" seccompProfile: description: "SeccompProfile defines a pod/container's seccomp profile\ \ settings. Only one profile source may be set." example: localhostProfile: "localhostProfile" type: "type" properties: localhostProfile: description: "localhostProfile indicates a profile defined in\ \ a file on the node should be used. The profile must be preconfigured\ \ on the node to work. Must be a descending path, relative\ \ to the kubelet's configured seccomp profile location. Must\ \ only be set if type is \"Localhost\"." type: "string" type: description: "type indicates which kind of seccomp profile will\ \ be applied. Valid options are:\n\nLocalhost - a profile\ \ defined in a file on the node should be used. RuntimeDefault\ \ - the container runtime default profile should be used.\ \ Unconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: description: "A list of groups applied to the first process run\ \ in each container, in addition to the container's primary GID.\ \ If unspecified, no groups will be added to any container." items: format: "int64" type: "integer" type: "array" sysctls: description: "Sysctls hold a list of namespaced sysctls used for\ \ the pod. Pods with unsupported sysctls (by the container runtime)\ \ might fail to launch." items: description: "Sysctl defines a kernel parameter to be set" example: name: "name" value: "value" properties: name: description: "Name of a property to set" type: "string" value: description: "Value of a property to set" type: "string" required: - "name" - "value" type: "object" type: "array" windowsOptions: description: "WindowsSecurityContextOptions contain Windows-specific\ \ options and credentials." example: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" properties: gmsaCredentialSpec: description: "GMSACredentialSpec is where the GMSA admission\ \ webhook (https://github.com/kubernetes-sigs/windows-gmsa)\ \ inlines the contents of the GMSA credential spec named by\ \ the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA\ \ credential spec to use." type: "string" runAsUserName: description: "The UserName in Windows to run the entrypoint\ \ of the container process. Defaults to the user specified\ \ in image metadata if unspecified. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext, the\ \ value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" containerSecurityContext: description: "The security context to apply to the hivemq container\ \ + static init containers used in the deployment template." example: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true properties: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process\ \ can gain more privileges than its parent process. This bool\ \ directly controls if the no_new_privs flag will be set on the\ \ container process. AllowPrivilegeEscalation is true always when\ \ the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN" type: "boolean" capabilities: description: "Adds and removes POSIX capabilities from running containers." example: add: - "add" - "add" drop: - "drop" - "drop" properties: add: description: "Added capabilities" items: type: "string" type: "array" drop: description: "Removed capabilities" items: type: "string" type: "array" type: "object" privileged: description: "Run container in privileged mode. Processes in privileged\ \ containers are essentially equivalent to root on the host. Defaults\ \ to false." type: "boolean" procMount: description: "procMount denotes the type of proc mount to use for\ \ the containers. The default is DefaultProcMount which uses the\ \ container runtime defaults for readonly paths and masked paths.\ \ This requires the ProcMountType feature flag to be enabled." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\ \ Default is false." type: "boolean" runAsGroup: description: "The GID to run the entrypoint of the container process.\ \ Uses runtime default if unset. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext, the\ \ value specified in SecurityContext takes precedence." format: "int64" type: "integer" runAsNonRoot: description: "Indicates that the container must run as a non-root\ \ user. If true, the Kubelet will validate the image at runtime\ \ to ensure that it does not run as UID 0 (root) and fail to start\ \ the container if it does. If unset or false, no such validation\ \ will be performed. May also be set in PodSecurityContext. If\ \ set in both SecurityContext and PodSecurityContext, the value\ \ specified in SecurityContext takes precedence." type: "boolean" runAsUser: description: "The UID to run the entrypoint of the container process.\ \ Defaults to user specified in image metadata if unspecified.\ \ May also be set in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." format: "int64" type: "integer" seLinuxOptions: description: "SELinuxOptions are the labels to be applied to the\ \ container" example: role: "role" level: "level" type: "type" user: "user" properties: level: description: "Level is SELinux level label that applies to the\ \ container." type: "string" role: description: "Role is a SELinux role label that applies to the\ \ container." type: "string" type: description: "Type is a SELinux type label that applies to the\ \ container." type: "string" user: description: "User is a SELinux user label that applies to the\ \ container." type: "string" type: "object" seccompProfile: description: "SeccompProfile defines a pod/container's seccomp profile\ \ settings. Only one profile source may be set." example: localhostProfile: "localhostProfile" type: "type" properties: localhostProfile: description: "localhostProfile indicates a profile defined in\ \ a file on the node should be used. The profile must be preconfigured\ \ on the node to work. Must be a descending path, relative\ \ to the kubelet's configured seccomp profile location. Must\ \ only be set if type is \"Localhost\"." type: "string" type: description: "type indicates which kind of seccomp profile will\ \ be applied. Valid options are:\n\nLocalhost - a profile\ \ defined in a file on the node should be used. RuntimeDefault\ \ - the container runtime default profile should be used.\ \ Unconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: description: "WindowsSecurityContextOptions contain Windows-specific\ \ options and credentials." example: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" properties: gmsaCredentialSpec: description: "GMSACredentialSpec is where the GMSA admission\ \ webhook (https://github.com/kubernetes-sigs/windows-gmsa)\ \ inlines the contents of the GMSA credential spec named by\ \ the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA\ \ credential spec to use." type: "string" runAsUserName: description: "The UserName in Windows to run the entrypoint\ \ of the container process. Defaults to the user specified\ \ in image metadata if unspecified. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext, the\ \ value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" initContainers: description: "Init containers to run before starting HiveMQ" items: description: "A single application container that you want to run\ \ within a pod." example: volumeDevices: - devicePath: "devicePath" name: "name" - devicePath: "devicePath" name: "name" image: "image" imagePullPolicy: "imagePullPolicy" livenessProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" stdin: true terminationMessagePolicy: "terminationMessagePolicy" terminationMessagePath: "terminationMessagePath" workingDir: "workingDir" resources: requests: {} limits: {} securityContext: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true startupProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" env: - name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" - name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" ports: - protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 - protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 command: - "command" - "command" volumeMounts: - mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" - mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" args: - "args" - "args" lifecycle: postStart: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" preStop: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" name: "name" tty: true readinessProbe: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" stdinOnce: true envFrom: - configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true - configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true properties: args: description: "Arguments to the entrypoint. The docker image's\ \ CMD is used if this is not provided. Variable references $(VAR_NAME)\ \ are expanded using the container's environment. If a variable\ \ cannot be resolved, the reference in the input string will\ \ be unchanged. The $(VAR_NAME) syntax can be escaped with a\ \ double $$, ie: $$(VAR_NAME). Escaped references will never\ \ be expanded, regardless of whether the variable exists or\ \ not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: description: "Entrypoint array. Not executed within a shell. The\ \ docker image's ENTRYPOINT is used if this is not provided.\ \ Variable references $(VAR_NAME) are expanded using the container's\ \ environment. If a variable cannot be resolved, the reference\ \ in the input string will be unchanged. The $(VAR_NAME) syntax\ \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ \ references will never be expanded, regardless of whether the\ \ variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: description: "List of environment variables to set in the container.\ \ Cannot be updated." items: description: "EnvVar represents an environment variable present\ \ in a Container." example: name: "name" value: "value" valueFrom: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: name: description: "Name of the environment variable. Must be\ \ a C_IDENTIFIER." type: "string" value: description: "Variable references $(VAR_NAME) are expanded\ \ using the previous defined environment variables in\ \ the container and any service environment variables.\ \ If a variable cannot be resolved, the reference in the\ \ input string will be unchanged. The $(VAR_NAME) syntax\ \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ \ references will never be expanded, regardless of whether\ \ the variable exists or not. Defaults to \"\"." type: "string" valueFrom: description: "EnvVarSource represents a source for the value\ \ of an EnvVar." example: secretKeyRef: name: "name" optional: true key: "key" resourceFieldRef: divisor: "divisor" resource: "resource" containerName: "containerName" configMapKeyRef: name: "name" optional: true key: "key" fieldRef: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: configMapKeyRef: description: "Selects a key from a ConfigMap." example: name: "name" optional: true key: "key" properties: key: description: "The key to select." type: "string" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its\ \ key must be defined" type: "boolean" required: - "key" type: "object" fieldRef: description: "ObjectFieldSelector selects an APIVersioned\ \ field of an object." example: apiVersion: "apiVersion" fieldPath: "fieldPath" properties: apiVersion: description: "Version of the schema the FieldPath\ \ is written in terms of, defaults to \"v1\"." type: "string" fieldPath: description: "Path of the field to select in the\ \ specified API version." type: "string" required: - "fieldPath" type: "object" resourceFieldRef: description: "ResourceFieldSelector represents container\ \ resources (cpu, memory) and their output format" example: divisor: "divisor" resource: "resource" containerName: "containerName" properties: containerName: description: "Container name: required for volumes,\ \ optional for env vars" type: "string" divisor: description: "Quantity is a fixed-point representation\ \ of a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and\ \ AsInt64() accessors.\n\nThe serialization format\ \ is:\n\n ::= \n\ \ (Note that may be empty, from the\ \ \"\" case in .)\n \ \ ::= 0 | 1 | ... | 9 ::=\ \ | \ \ ::= | . | .\ \ | . ::= \"+\" | \"\ -\" ::= | \ \ ::= | \ \ | ::= Ki | Mi\ \ | Gi | Ti | Pi | Ei\n (International System\ \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T\ \ | P | E\n (Note that 1024 = 1Ki but 1000 =\ \ 1k; I didn't choose the capitalization.)\n\ \ ::= \"e\" | \"E\" \n\ \nNo matter which of the three exponent forms\ \ is used, no quantity may represent a number\ \ greater than 2^63-1 in magnitude, nor may it\ \ have more than 3 decimal places. Numbers larger\ \ or more precise will be capped or rounded up.\ \ (E.g.: 0.1m will rounded up to 1m.) This may\ \ be extended in the future if we require larger\ \ or smaller quantities.\n\nWhen a Quantity is\ \ parsed from a string, it will remember the type\ \ of suffix it had, and will use the same type\ \ again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\".\ \ This means that Exponent/suffix will be adjusted\ \ up or down (with a corresponding increase or\ \ decrease in Mantissa) such that:\n a. No precision\ \ is lost\n b. No fractional digits will be emitted\n\ \ c. The exponent (or suffix) is as large as\ \ possible.\nThe sign will be omitted unless the\ \ number is negative.\n\nExamples:\n 1.5 will\ \ be serialized as \"1500m\"\n 1.5Gi will be\ \ serialized as \"1536Mi\"\n\nNote that the quantity\ \ will NEVER be internally represented by a floating\ \ point number. That is the whole point of this\ \ exercise.\n\nNon-canonical values will still\ \ parse as long as they are well formed, but will\ \ be re-emitted in their canonical form. (So always\ \ use canonical form, or don't diff.)\n\nThis\ \ format is intended to make it difficult to use\ \ these numbers without writing some sort of special\ \ handling code in the hopes that that will cause\ \ implementors to also use a fixed point implementation." format: "quantity" type: "string" resource: description: "Required: resource to select" type: "string" required: - "resource" type: "object" secretKeyRef: description: "SecretKeySelector selects a key of a Secret." example: name: "name" optional: true key: "key" properties: key: description: "The key of the secret to select from.\ \ Must be a valid secret key." type: "string" name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its\ \ key must be defined" type: "boolean" required: - "key" type: "object" type: "object" required: - "name" type: "object" type: "array" envFrom: description: "List of sources to populate environment variables\ \ in the container. The keys defined within a source must be\ \ a C_IDENTIFIER. All invalid keys will be reported as an event\ \ when the container is starting. When a key exists in multiple\ \ sources, the value associated with the last source will take\ \ precedence. Values defined by an Env with a duplicate key\ \ will take precedence. Cannot be updated." items: description: "EnvFromSource represents the source of a set of\ \ ConfigMaps" example: configMapRef: name: "name" optional: true prefix: "prefix" secretRef: name: "name" optional: true properties: configMapRef: description: "ConfigMapEnvSource selects a ConfigMap to\ \ populate the environment variables with.\n\nThe contents\ \ of the target ConfigMap's Data field will represent\ \ the key-value pairs as environment variables." example: name: "name" optional: true properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be\ \ defined" type: "boolean" type: "object" prefix: description: "An optional identifier to prepend to each\ \ key in the ConfigMap. Must be a C_IDENTIFIER." type: "string" secretRef: description: "SecretEnvSource selects a Secret to populate\ \ the environment variables with.\n\nThe contents of the\ \ target Secret's Data field will represent the key-value\ \ pairs as environment variables." example: name: "name" optional: true properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" type: "boolean" type: "object" type: "object" type: "array" image: description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images\ \ This field is optional to allow higher level config management\ \ to default or override container images in workload controllers\ \ like Deployments and StatefulSets." type: "string" imagePullPolicy: description: "Image pull policy. One of Always, Never, IfNotPresent.\ \ Defaults to Always if :latest tag is specified, or IfNotPresent\ \ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: description: "Lifecycle describes actions that the management\ \ system should take in response to container lifecycle events.\ \ For the PostStart and PreStop lifecycle handlers, management\ \ of the container blocks until the action is complete, unless\ \ the container process fails, in which case the handler is\ \ aborted." example: postStart: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" preStop: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: postStart: description: "Handler defines a specific action that should\ \ be taken" example: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's\ \ filesystem. The command is simply exec'd, it is\ \ not run inside a shell, so traditional shell instructions\ \ ('|', etc) won't work. To use a shell, you need\ \ to explicitly call out to that shell. Exit status\ \ of 0 is treated as live/healthy and non-zero is\ \ unhealthy." items: type: "string" type: "array" type: "object" httpGet: description: "HTTPGetAction describes an action based\ \ on HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to\ \ the pod IP. You probably want to set \"Host\"\ \ in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or YAML\ \ marshalling and unmarshalling, it produces or\ \ consumes the inner type. This allows you to have,\ \ for example, a JSON field that can accept a name\ \ or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the\ \ host. Defaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or YAML\ \ marshalling and unmarshalling, it produces or\ \ consumes the inner type. This allows you to have,\ \ for example, a JSON field that can accept a name\ \ or number." format: "int-or-string" type: "string" required: - "port" type: "object" type: "object" preStop: description: "Handler defines a specific action that should\ \ be taken" example: tcpSocket: port: "port" host: "host" exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute\ \ inside the container, the working directory for\ \ the command is root ('/') in the container's\ \ filesystem. The command is simply exec'd, it is\ \ not run inside a shell, so traditional shell instructions\ \ ('|', etc) won't work. To use a shell, you need\ \ to explicitly call out to that shell. Exit status\ \ of 0 is treated as live/healthy and non-zero is\ \ unhealthy." items: type: "string" type: "array" type: "object" httpGet: description: "HTTPGetAction describes an action based\ \ on HTTP Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to\ \ the pod IP. You probably want to set \"Host\"\ \ in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request.\ \ HTTP allows repeated headers." items: description: "HTTPHeader describes a custom header\ \ to be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or YAML\ \ marshalling and unmarshalling, it produces or\ \ consumes the inner type. This allows you to have,\ \ for example, a JSON field that can accept a name\ \ or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the\ \ host. Defaults to HTTP." type: "string" required: - "port" type: "object" tcpSocket: description: "TCPSocketAction describes an action based\ \ on opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold\ \ an int32 or a string. When used in JSON or YAML\ \ marshalling and unmarshalling, it produces or\ \ consumes the inner type. This allows you to have,\ \ for example, a JSON field that can accept a name\ \ or number." format: "int-or-string" type: "string" required: - "port" type: "object" type: "object" type: "object" livenessProbe: description: "Probe describes a health check to be performed against\ \ a container to determine whether it is alive or ready to receive\ \ traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute inside\ \ the container, the working directory for the command\ \ is root ('/') in the container's filesystem. The\ \ command is simply exec'd, it is not run inside a shell,\ \ so traditional shell instructions ('|', etc) won't\ \ work. To use a shell, you need to explicitly call\ \ out to that shell. Exit status of 0 is treated as\ \ live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to\ \ be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on HTTP\ \ Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP\ \ allows repeated headers." items: description: "HTTPHeader describes a custom header to\ \ be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has started\ \ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based on\ \ opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: description: "Name of the container specified as a DNS_LABEL.\ \ Each container in a pod must have a unique name (DNS_LABEL).\ \ Cannot be updated." type: "string" ports: description: "List of ports to expose from the container. Exposing\ \ a port here gives the system additional information about\ \ the network connections a container uses, but is primarily\ \ informational. Not specifying a port here DOES NOT prevent\ \ that port from being exposed. Any port which is listening\ \ on the default \"0.0.0.0\" address inside a container will\ \ be accessible from the network. Cannot be updated." items: description: "ContainerPort represents a network port in a single\ \ container." example: protocol: "protocol" hostIP: "hostIP" name: "name" containerPort: 3 hostPort: 2 properties: containerPort: description: "Number of port to expose on the pod's IP address.\ \ This must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: description: "Number of port to expose on the host. If specified,\ \ this must be a valid port number, 0 < x < 65536. If\ \ HostNetwork is specified, this must match ContainerPort.\ \ Most containers do not need this." format: "int32" type: "integer" name: description: "If specified, this must be an IANA_SVC_NAME\ \ and unique within the pod. Each named port in a pod\ \ must have a unique name. Name for the port that can\ \ be referred to by services." type: "string" protocol: description: "Protocol for port. Must be UDP, TCP, or SCTP.\ \ Defaults to \"TCP\"." type: "string" required: - "containerPort" - "protocol" type: "object" type: "array" x-kubernetes-list-map-keys: - "containerPort" - "protocol" x-kubernetes-list-type: "map" readinessProbe: description: "Probe describes a health check to be performed against\ \ a container to determine whether it is alive or ready to receive\ \ traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute inside\ \ the container, the working directory for the command\ \ is root ('/') in the container's filesystem. The\ \ command is simply exec'd, it is not run inside a shell,\ \ so traditional shell instructions ('|', etc) won't\ \ work. To use a shell, you need to explicitly call\ \ out to that shell. Exit status of 0 is treated as\ \ live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to\ \ be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on HTTP\ \ Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP\ \ allows repeated headers." items: description: "HTTPHeader describes a custom header to\ \ be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has started\ \ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based on\ \ opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" resources: description: "ResourceRequirements describes the compute resource\ \ requirements." example: requests: {} limits: {} properties: limits: additionalProperties: description: "Quantity is a fixed-point representation of\ \ a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | ::=\ \ | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | ::=\ \ | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P | E\n\ \ (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose\ \ the capitalization.)\n ::= \"e\" \ \ | \"E\" \n\nNo matter which of the three\ \ exponent forms is used, no quantity may represent a\ \ number greater than 2^63-1 in magnitude, nor may it\ \ have more than 3 decimal places. Numbers larger or more\ \ precise will be capped or rounded up. (E.g.: 0.1m will\ \ rounded up to 1m.) This may be extended in the future\ \ if we require larger or smaller quantities.\n\nWhen\ \ a Quantity is parsed from a string, it will remember\ \ the type of suffix it had, and will use the same type\ \ again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted up or down (with\ \ a corresponding increase or decrease in Mantissa) such\ \ that:\n a. No precision is lost\n b. No fractional\ \ digits will be emitted\n c. The exponent (or suffix)\ \ is as large as possible.\nThe sign will be omitted unless\ \ the number is negative.\n\nExamples:\n 1.5 will be\ \ serialized as \"1500m\"\n 1.5Gi will be serialized\ \ as \"1536Mi\"\n\nNote that the quantity will NEVER be\ \ internally represented by a floating point number. That\ \ is the whole point of this exercise.\n\nNon-canonical\ \ values will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis format\ \ is intended to make it difficult to use these numbers\ \ without writing some sort of special handling code in\ \ the hopes that that will cause implementors to also\ \ use a fixed point implementation." format: "quantity" type: "string" description: "Limits describes the maximum amount of compute\ \ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" requests: additionalProperties: description: "Quantity is a fixed-point representation of\ \ a number. It provides convenient marshaling/unmarshaling\ \ in JSON and YAML, in addition to String() and AsInt64()\ \ accessors.\n\nThe serialization format is:\n\n\ \ ::= \n (Note that \ \ may be empty, from the \"\" case in .)\n\ ::= 0 | 1 | ... | 9 \ \ ::= | ::=\ \ | . | . | .\ \ ::= \"+\" | \"-\" \ \ ::= | ::=\ \ | | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International\ \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ ::= m | \"\" | k | M | G | T | P | E\n\ \ (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose\ \ the capitalization.)\n ::= \"e\" \ \ | \"E\" \n\nNo matter which of the three\ \ exponent forms is used, no quantity may represent a\ \ number greater than 2^63-1 in magnitude, nor may it\ \ have more than 3 decimal places. Numbers larger or more\ \ precise will be capped or rounded up. (E.g.: 0.1m will\ \ rounded up to 1m.) This may be extended in the future\ \ if we require larger or smaller quantities.\n\nWhen\ \ a Quantity is parsed from a string, it will remember\ \ the type of suffix it had, and will use the same type\ \ again when it is serialized.\n\nBefore serializing,\ \ Quantity will be put in \"canonical form\". This means\ \ that Exponent/suffix will be adjusted up or down (with\ \ a corresponding increase or decrease in Mantissa) such\ \ that:\n a. No precision is lost\n b. No fractional\ \ digits will be emitted\n c. The exponent (or suffix)\ \ is as large as possible.\nThe sign will be omitted unless\ \ the number is negative.\n\nExamples:\n 1.5 will be\ \ serialized as \"1500m\"\n 1.5Gi will be serialized\ \ as \"1536Mi\"\n\nNote that the quantity will NEVER be\ \ internally represented by a floating point number. That\ \ is the whole point of this exercise.\n\nNon-canonical\ \ values will still parse as long as they are well formed,\ \ but will be re-emitted in their canonical form. (So\ \ always use canonical form, or don't diff.)\n\nThis format\ \ is intended to make it difficult to use these numbers\ \ without writing some sort of special handling code in\ \ the hopes that that will cause implementors to also\ \ use a fixed point implementation." format: "quantity" type: "string" description: "Requests describes the minimum amount of compute\ \ resources required. If Requests is omitted for a container,\ \ it defaults to Limits if that is explicitly specified,\ \ otherwise to an implementation-defined value. More info:\ \ https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" type: "object" type: "object" securityContext: description: "SecurityContext holds security configuration that\ \ will be applied to a container. Some fields are present in\ \ both SecurityContext and PodSecurityContext. When both are\ \ set, the values in SecurityContext take precedence." example: privileged: true runAsUser: 7 capabilities: add: - "add" - "add" drop: - "drop" - "drop" seLinuxOptions: role: "role" level: "level" type: "type" user: "user" seccompProfile: localhostProfile: "localhostProfile" type: "type" windowsOptions: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" procMount: "procMount" allowPrivilegeEscalation: true runAsGroup: 4 runAsNonRoot: true readOnlyRootFilesystem: true properties: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a\ \ process can gain more privileges than its parent process.\ \ This bool directly controls if the no_new_privs flag will\ \ be set on the container process. AllowPrivilegeEscalation\ \ is true always when the container is: 1) run as Privileged\ \ 2) has CAP_SYS_ADMIN" type: "boolean" capabilities: description: "Adds and removes POSIX capabilities from running\ \ containers." example: add: - "add" - "add" drop: - "drop" - "drop" properties: add: description: "Added capabilities" items: type: "string" type: "array" drop: description: "Removed capabilities" items: type: "string" type: "array" type: "object" privileged: description: "Run container in privileged mode. Processes\ \ in privileged containers are essentially equivalent to\ \ root on the host. Defaults to false." type: "boolean" procMount: description: "procMount denotes the type of proc mount to\ \ use for the containers. The default is DefaultProcMount\ \ which uses the container runtime defaults for readonly\ \ paths and masked paths. This requires the ProcMountType\ \ feature flag to be enabled." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root\ \ filesystem. Default is false." type: "boolean" runAsGroup: description: "The GID to run the entrypoint of the container\ \ process. Uses runtime default if unset. May also be set\ \ in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." format: "int64" type: "integer" runAsNonRoot: description: "Indicates that the container must run as a non-root\ \ user. If true, the Kubelet will validate the image at\ \ runtime to ensure that it does not run as UID 0 (root)\ \ and fail to start the container if it does. If unset or\ \ false, no such validation will be performed. May also\ \ be set in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." type: "boolean" runAsUser: description: "The UID to run the entrypoint of the container\ \ process. Defaults to user specified in image metadata\ \ if unspecified. May also be set in PodSecurityContext.\ \ If set in both SecurityContext and PodSecurityContext,\ \ the value specified in SecurityContext takes precedence." format: "int64" type: "integer" seLinuxOptions: description: "SELinuxOptions are the labels to be applied\ \ to the container" example: role: "role" level: "level" type: "type" user: "user" properties: level: description: "Level is SELinux level label that applies\ \ to the container." type: "string" role: description: "Role is a SELinux role label that applies\ \ to the container." type: "string" type: description: "Type is a SELinux type label that applies\ \ to the container." type: "string" user: description: "User is a SELinux user label that applies\ \ to the container." type: "string" type: "object" seccompProfile: description: "SeccompProfile defines a pod/container's seccomp\ \ profile settings. Only one profile source may be set." example: localhostProfile: "localhostProfile" type: "type" properties: localhostProfile: description: "localhostProfile indicates a profile defined\ \ in a file on the node should be used. The profile\ \ must be preconfigured on the node to work. Must be\ \ a descending path, relative to the kubelet's configured\ \ seccomp profile location. Must only be set if type\ \ is \"Localhost\"." type: "string" type: description: "type indicates which kind of seccomp profile\ \ will be applied. Valid options are:\n\nLocalhost -\ \ a profile defined in a file on the node should be\ \ used. RuntimeDefault - the container runtime default\ \ profile should be used. Unconfined - no profile should\ \ be applied." type: "string" required: - "type" type: "object" windowsOptions: description: "WindowsSecurityContextOptions contain Windows-specific\ \ options and credentials." example: gmsaCredentialSpec: "gmsaCredentialSpec" runAsUserName: "runAsUserName" gmsaCredentialSpecName: "gmsaCredentialSpecName" properties: gmsaCredentialSpec: description: "GMSACredentialSpec is where the GMSA admission\ \ webhook (https://github.com/kubernetes-sigs/windows-gmsa)\ \ inlines the contents of the GMSA credential spec named\ \ by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the\ \ GMSA credential spec to use." type: "string" runAsUserName: description: "The UserName in Windows to run the entrypoint\ \ of the container process. Defaults to the user specified\ \ in image metadata if unspecified. May also be set\ \ in PodSecurityContext. If set in both SecurityContext\ \ and PodSecurityContext, the value specified in SecurityContext\ \ takes precedence." type: "string" type: "object" type: "object" startupProbe: description: "Probe describes a health check to be performed against\ \ a container to determine whether it is alive or ready to receive\ \ traffic." example: failureThreshold: 5 periodSeconds: 2 tcpSocket: port: "port" host: "host" timeoutSeconds: 9 successThreshold: 7 initialDelaySeconds: 5 exec: command: - "command" - "command" httpGet: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: exec: description: "ExecAction describes a \"run in container\"\ \ action." example: command: - "command" - "command" properties: command: description: "Command is the command line to execute inside\ \ the container, the working directory for the command\ \ is root ('/') in the container's filesystem. The\ \ command is simply exec'd, it is not run inside a shell,\ \ so traditional shell instructions ('|', etc) won't\ \ work. To use a shell, you need to explicitly call\ \ out to that shell. Exit status of 0 is treated as\ \ live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to\ \ be considered failed after having succeeded. Defaults\ \ to 3. Minimum value is 1." format: "int32" type: "integer" httpGet: description: "HTTPGetAction describes an action based on HTTP\ \ Get requests." example: path: "path" scheme: "scheme" port: "port" host: "host" httpHeaders: - name: "name" value: "value" - name: "name" value: "value" properties: host: description: "Host name to connect to, defaults to the\ \ pod IP. You probably want to set \"Host\" in httpHeaders\ \ instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP\ \ allows repeated headers." items: description: "HTTPHeader describes a custom header to\ \ be used in HTTP probes" example: name: "name" value: "value" properties: name: description: "The header field name" type: "string" value: description: "The header field value" type: "string" required: - "name" - "value" type: "object" type: "array" path: description: "Path to access on the HTTP server." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" scheme: description: "Scheme to use for connecting to the host.\ \ Defaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: description: "Number of seconds after the container has started\ \ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: description: "How often (in seconds) to perform the probe.\ \ Default to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: description: "Minimum consecutive successes for the probe\ \ to be considered successful after having failed. Defaults\ \ to 1. Must be 1 for liveness and startup. Minimum value\ \ is 1." format: "int32" type: "integer" tcpSocket: description: "TCPSocketAction describes an action based on\ \ opening a socket" example: port: "port" host: "host" properties: host: description: "Optional: Host name to connect to, defaults\ \ to the pod IP." type: "string" port: description: "IntOrString is a type that can hold an int32\ \ or a string. When used in JSON or YAML marshalling\ \ and unmarshalling, it produces or consumes the inner\ \ type. This allows you to have, for example, a JSON\ \ field that can accept a name or number." format: "int-or-string" type: "string" required: - "port" type: "object" timeoutSeconds: description: "Number of seconds after which the probe times\ \ out. Defaults to 1 second. Minimum value is 1. More info:\ \ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: description: "Whether this container should allocate a buffer\ \ for stdin in the container runtime. If this is not set, reads\ \ from stdin in the container will always result in EOF. Default\ \ is false." type: "boolean" stdinOnce: description: "Whether the container runtime should close the stdin\ \ channel after it has been opened by a single attach. When\ \ stdin is true the stdin stream will remain open across multiple\ \ attach sessions. If stdinOnce is set to true, stdin is opened\ \ on container start, is empty until the first client attaches\ \ to stdin, and then remains open and accepts data until the\ \ client disconnects, at which time stdin is closed and remains\ \ closed until the container is restarted. If this flag is false,\ \ a container processes that reads from stdin will never receive\ \ an EOF. Default is false" type: "boolean" terminationMessagePath: description: "Optional: Path at which the file to which the container's\ \ termination message will be written is mounted into the container's\ \ filesystem. Message written is intended to be brief final\ \ status, such as an assertion failure message. Will be truncated\ \ by the node if greater than 4096 bytes. The total message\ \ length across all containers will be limited to 12kb. Defaults\ \ to /dev/termination-log. Cannot be updated." type: "string" terminationMessagePolicy: description: "Indicate how the termination message should be populated.\ \ File will use the contents of terminationMessagePath to populate\ \ the container status message on both success and failure.\ \ FallbackToLogsOnError will use the last chunk of container\ \ log output if the termination message file is empty and the\ \ container exited with an error. The log output is limited\ \ to 2048 bytes or 80 lines, whichever is smaller. Defaults\ \ to File. Cannot be updated." type: "string" tty: description: "Whether this container should allocate a TTY for\ \ itself, also requires 'stdin' to be true. Default is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be\ \ used by the container." items: description: "volumeDevice describes a mapping of a raw block\ \ device within a container." example: devicePath: "devicePath" name: "name" properties: devicePath: description: "devicePath is the path inside of the container\ \ that the device will be mapped to." type: "string" name: description: "name must match the name of a persistentVolumeClaim\ \ in the pod" type: "string" required: - "devicePath" - "name" type: "object" type: "array" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\ \ Cannot be updated." items: description: "VolumeMount describes a mounting of a Volume within\ \ a container." example: mountPath: "mountPath" mountPropagation: "mountPropagation" name: "name" readOnly: true subPath: "subPath" subPathExpr: "subPathExpr" properties: mountPath: description: "Path within the container at which the volume\ \ should be mounted. Must not contain ':'." type: "string" mountPropagation: description: "mountPropagation determines how mounts are\ \ propagated from the host to container and the other\ \ way around. When not set, MountPropagationNone is used.\ \ This field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: description: "Mounted read-only if true, read-write otherwise\ \ (false or unspecified). Defaults to false." type: "boolean" subPath: description: "Path within the volume from which the container's\ \ volume should be mounted. Defaults to \"\" (volume's\ \ root)." type: "string" subPathExpr: description: "Expanded path within the volume from which\ \ the container's volume should be mounted. Behaves similarly\ \ to SubPath but environment variable references $(VAR_NAME)\ \ are expanded using the container's environment. Defaults\ \ to \"\" (volume's root). SubPathExpr and SubPath are\ \ mutually exclusive." type: "string" required: - "mountPath" - "name" type: "object" type: "array" workingDir: description: "Container's working directory. If not specified,\ \ the container runtime's default will be used, which might\ \ be configured in the container image. Cannot be updated." type: "string" required: - "name" type: "object" type: "array" initialization: description: "Initialization routines to run before starting HiveMQ" items: properties: name: type: "string" image: description: "Container to run the commands in, might be ignored\ \ on some platforms" type: "string" command: items: type: "string" type: "array" args: items: type: "string" type: "array" required: - "name" type: "object" type: "array" initDnsWaitImage: description: "Optional custom image/mirror to use for the HiveMQ dns\ \ wait container" type: "string" initBusyboxImage: description: "Optional custom image/mirror to use for the init busybox\ \ container" type: "string" affinity: description: "Specify a PodAffinity object. Must be specified as a scalar\ \ string for now." type: "string" ports: description: "List of ports to map for each cluster node. MQTT, control\ \ center and cluster port are required and set by default." items: properties: name: description: "Name of the port, for use in templating" type: "string" port: description: "Port to map" maximum: 65535.0 minimum: 1.0 type: "integer" expose: description: "Create a Service for this port" type: "boolean" patch: description: "JSON patches to apply to service manifests before\ \ applying them, only applies if expose is true." items: type: "string" type: "array" required: - "name" - "port" type: "object" type: "array" clusterReplicaCount: description: "Number of replicas to store in total" minimum: 1.0 type: "integer" clusterOverloadProtection: type: "boolean" restrictions: properties: maxClientIdLength: type: "integer" maxTopicLength: type: "integer" maxConnections: minimum: -1.0 type: "integer" incomingBandwidthThrottling: minimum: 0.0 type: "integer" noConnectIdleTimeout: type: "integer" type: "object" mqtt: properties: sessionExpiryInterval: minimum: 0.0 type: "integer" messageExpiryMaxInterval: minimum: 0.0 type: "integer" maxPacketSize: type: "integer" serverReceiveMaximum: type: "integer" keepaliveMax: type: "integer" keepaliveAllowUnlimited: type: "boolean" topicAliasEnabled: type: "boolean" topicAliasMaxPerClient: type: "integer" subscriptionIdentifierEnabled: type: "boolean" wildcardSubscriptionEnabled: type: "boolean" sharedSubscriptionEnabled: type: "boolean" retainedMessagesEnabled: type: "boolean" maxQos: maximum: 2.0 minimum: 0.0 type: "integer" queuedMessagesMaxQueueSize: minimum: 0.0 type: "integer" queuedMessageStrategy: enum: - "discard" - "discard-oldest" type: "string" type: "object" monitoring: properties: enablePrometheus: description: "Enable the prometheus extension and attempt to integrate\ \ with prometheus-operator" type: "boolean" scrapeInterval: description: "When enabled, specifies the Prometheus scrape interval\ \ for the resulting target in go duration syntax" type: "string" type: "object" security: properties: allowEmptyClientId: type: "boolean" payloadFormatValidation: type: "boolean" topicFormatValidation: type: "boolean" allowRequestProblemInformation: type: "boolean" controlCenterAuditLogEnabled: type: "boolean" type: "object" dnsSuffix: description: "Cluster domain suffix to use for DNS discovery, default\ \ if not set: svc.cluster.local." type: "string" controllerTemplate: description: "Advanced: Template file to use for rendering the controller\ \ that will spawn the HiveMQ pods. The template files are stored on\ \ the operator container at /templates and can be overridden via configMap." type: "string" serviceAccountName: description: "Service account to assign to the pods in the template" type: "string" secrets: description: "Secrets to mount onto the HiveMQ container" items: properties: name: description: "Name of the secret to be mounted" type: "string" path: description: "Path to mount the files to" type: "string" required: - "name" - "path" type: "object" type: "array" customProperties: additionalProperties: type: "string" description: "Additional arbitrary properties for this cluster, to be\ \ used in custom controller templates." type: "object" type: "object" status: description: "A HiveMQ deployment's status description" properties: state: description: "The current state of the deployment, indicating if updates\ \ are in progress, have failed, or the state was degraded" enum: - "Running" - "Updating" - "Creating" - "Pending" - "Failed" - "Degraded" - "Deleting" type: "string" message: description: "Human readable message describing the current state of\ \ the cluster or action being performed" type: "string" portStatus: description: "The public addresses of generated LoadBalancer services" items: properties: port: description: "Exposed port on the given service" maximum: 65535.0 minimum: 1.0 type: "integer" address: type: "string" name: description: "Name of the port in the original mapping" type: "string" type: "object" type: "array" warnings: description: "Warning messages regarding configuration errors" items: type: "string" type: "array" conditions: description: "The conditions of the cluster at any given time, as implemented\ \ by all Kubernetes resources" items: properties: type: description: "Identifier for the condition, add new conditions\ \ for life cycles here" enum: - "AllNodesReady" - "AllExtensionsLoaded" - "AllServicesReady" - "LogLevelApplied" type: "string" lastTransitionTime: description: "Last state transition time in RFC3339, UTC time" pattern: "^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\\ .[0-9]+)?(([Zz])|([\\+|\\-]([01][0-9]|2[0-3]):[0-5][0-9]))$" type: "string" status: description: "current status of the condition" type: "string" reason: description: "Reason for the last state transition" type: "string" type: "object" type: "array" previousState: description: "The previous state of this cluster, for building diffs\ \ and determining the current cluster state" type: "string" extensionState: description: "Description of all extensions and their (desired) states" items: properties: name: description: "Unique, descriptive name for the extension folder" type: "string" enabled: description: "Whether this extension should be enabled" type: "boolean" configMap: description: "ConfigMap that contains configuration files for\ \ this extension" type: "string" static: description: "Whether configuration changes should lead to a rolling\ \ disable/enable instead of hot-reload" type: "boolean" extensionUri: description: "HTTP URI to download the extension from (as .zip\ \ distribution). Set to 'preinstalled' if the extension to be\ \ managed is statically built into the container." type: "string" offline: description: "Whether the individual HiveMQ nodes being updated\ \ with a new extension version should be taken offline (i.e.\ \ removed from load-balancers) during the update" type: "boolean" initialization: description: "Initialization script to run when installing this\ \ extension. This will be executed with the working directory\ \ as the extension folder. Must be idempotent as it will be\ \ run on every update as well." type: "string" updateStrategy: description: "In what manner to perform extension updates" enum: - "serial" - "parallel" type: "string" required: - "name" type: "object" type: "array" surgeStatus: description: "Only used if the underlying controller type is StatefulSet:\ \ indicates whether a surge update is in progress, and what state\ \ it is in." enum: - "SURGE_IN_PROGRESS" - "READY" type: "string" required: - "state" - "message" type: "object" metadata: type: "object" required: - "spec" type: "object" versions: - name: "v1" served: true storage: true