From e0d893247dfaf6630ec9407893d95edf71d6b65f Mon Sep 17 00:00:00 2001
From: Kaushik Surya
Date: Fri, 8 Aug 2025 14:32:50 -0400
Subject: [PATCH 1/2] Ability to configure Collector's Service, Headless Service and Monitoring Service

---
 apis/v1alpha1/amazoncloudwatchagent_types.go | 29 +
 apis/v1alpha1/zz_generated.deepcopy.go | 23 +
 apis/v1alpha2/amazoncloudwatchagent_types.go | 29 +
 apis/v1alpha2/zz_generated.deepcopy.go | 23 +
 ...aws.amazon.com_amazoncloudwatchagents.yaml | 1215 +++++--
 ...oudwatch.aws.amazon.com_dcgmexporters.yaml | 388 ++-
 ...watch.aws.amazon.com_instrumentations.yaml | 158 +-
 ...udwatch.aws.amazon.com_neuronmonitors.yaml | 389 ++-
 config/rbac/role.yaml | 68 +-
 docs/api.md | 2887 ++++++++++++-----
 internal/manifests/collector/collector.go | 15 +-
 .../manifests/collector/collector_test.go | 103 +
 internal/manifests/collector/service.go | 17 +-
 internal/manifests/collector/service_test.go | 26 +
 14 files changed, 3989 insertions(+), 1381 deletions(-)
 create mode 100644 internal/manifests/collector/collector_test.go

diff --git a/apis/v1alpha1/amazoncloudwatchagent_types.go b/apis/v1alpha1/amazoncloudwatchagent_types.go
index a9b7179e4..b17509f52 100644
--- a/apis/v1alpha1/amazoncloudwatchagent_types.go
+++ b/apis/v1alpha1/amazoncloudwatchagent_types.go
@@ -285,6 +285,18 @@ type AmazonCloudWatchAgentSpec struct {
 // This is only applicable to Deployment mode.
 // +optional
 DeploymentUpdateStrategy appsv1.DeploymentStrategy `json:"deploymentUpdateStrategy,omitempty"`
+
+ // Service to override configuration of the generated Collector Service.
+ // +optional
+ Service ServiceSpec `json:"service,omitempty"`
+
+ // HeadlessService to override configuration of the generated Collector HeadlessService.
+ // +optional
+ HeadlessService ServiceSpec `json:"headlessService,omitempty"`
+
+ // MonitoringService to override configuration of the generated Collector MonitoringService.
+ // +optional
+ MonitoringService ServiceSpec `json:"monitoringService,omitempty"`
 }
 
 // AmazonCloudWatchAgentTargetAllocator defines the configurations for the Prometheus target allocator.
@@ -562,6 +574,23 @@ type ConfigMapsSpec struct {
 MountPath string `json:"mountpath"`
 }
 
+type ServiceSpec struct {
+ // Enabled indicates whether the Service should be created.
+ // nil means not set (defaults to enabled for backward compatibility)
+ // +optional
+ Enabled *bool `json:"enabled,omitempty"`
+
+ // Name to override the default Service name
+ // +optional
+ Name string `json:"name,omitempty"`
+}
+
+// IsEnabled returns true if the service should be created.
+// nil (not set) defaults to true for backward compatibility.
+func (s *ServiceSpec) IsEnabled() bool {
+ return s.Enabled == nil || *s.Enabled
+}
+
 func init() {
 SchemeBuilder.Register(&AmazonCloudWatchAgent{}, &AmazonCloudWatchAgentList{})
 }
diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
index 827b3d7c3..16bde92de 100644
--- a/apis/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/v1alpha1/zz_generated.deepcopy.go
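Review bot: The three overrides added to `AmazonCloudWatchAgentSpec` are independent of one another, so nothing at the type level stops `service.name`, `headlessService.name` and `monitoringService.name` from being set to the same value, or to the name of a Service in the namespace that this resource did not create. How the reconciler treats such a clash is not visible in this hunk; it is worth confirming that it only updates Services it owns and that duplicate names are rejected at admission rather than surfacing as reconcile errors. The field comments could state the constraint, e.g. `// Service overrides the generated Collector Service; its name must differ from headlessService.name and monitoringService.name.` The struct begins outside the hunk, and the same three fields are added to v1alpha2 in `apis/v1alpha2/amazoncloudwatchagent_types.go`.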
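Review bot: `ServiceSpec.Name` is a free-form string that presumably becomes the `metadata.name` of a Service the operator creates with its own permissions, yet it carries no validation markers, so a value that is not a valid DNS-1035 label is only rejected when the operator tries to create the object. Adding `// +kubebuilder:validation:MaxLength=63` and a `+kubebuilder:validation:Pattern` marker for the label form `^[a-z]([-a-z0-9]*[a-z0-9])?$` above the field moves that check into the CRD schema, where the author of the resource sees the error. The exported type also has no doc comment; `// ServiceSpec controls whether a generated Service is created and what it is named.` would feed the generated `docs/api.md` as well. The identical `ServiceSpec` added in the v1alpha2 types file needs the same markers and comment.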
@@ -235,6 +235,9 @@ func (in *AmazonCloudWatchAgentSpec) DeepCopyInto(out *AmazonCloudWatchAgentSpec } in.UpdateStrategy.DeepCopyInto(&out.UpdateStrategy) in.DeploymentUpdateStrategy.DeepCopyInto(&out.DeploymentUpdateStrategy) + in.Service.DeepCopyInto(&out.Service) + in.HeadlessService.DeepCopyInto(&out.HeadlessService) + in.MonitoringService.DeepCopyInto(&out.MonitoringService) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AmazonCloudWatchAgentSpec. @@ -1320,3 +1323,23 @@ func (in *ScaleSubresourceStatus) DeepCopy() *ScaleSubresourceStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceSpec) DeepCopyInto(out *ServiceSpec) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceSpec. +func (in *ServiceSpec) DeepCopy() *ServiceSpec { + if in == nil { + return nil + } + out := new(ServiceSpec) + in.DeepCopyInto(out) + return out +} diff --git a/apis/v1alpha2/amazoncloudwatchagent_types.go b/apis/v1alpha2/amazoncloudwatchagent_types.go index b377a289d..dbda8daec 100644 --- a/apis/v1alpha2/amazoncloudwatchagent_types.go +++ b/apis/v1alpha2/amazoncloudwatchagent_types.go 
@@ -211,6 +211,18 @@ type AmazonCloudWatchAgentSpec struct {
 // This is only applicable to Deployment mode.
 // +optional
 DeploymentUpdateStrategy appsv1.DeploymentStrategy `json:"deploymentUpdateStrategy,omitempty"`
+
+ // Service to override configuration of the generated Collector Service.
+ // +optional
+ Service ServiceSpec `json:"service,omitempty"`
+
+ // HeadlessService to override configuration of the generated Collector HeadlessService.
+ // +optional
+ HeadlessService ServiceSpec `json:"headlessService,omitempty"`
+
+ // MonitoringService to override configuration of the generated Collector MonitoringService.
+ // +optional
+ MonitoringService ServiceSpec `json:"monitoringService,omitempty"`
 }
 
 // AmazonCloudWatchAgentStatus defines the observed state of AmazonCloudWatchAgent.
@@ -260,6 +272,23 @@ type AmazonCloudWatchAgentList struct {
 Items []AmazonCloudWatchAgent `json:"items"`
 }
 
+type ServiceSpec struct {
+ // Enabled indicates whether the Service should be created.
+ // nil means not set (defaults to enabled for backward compatibility)
+ // +optional
+ Enabled *bool `json:"enabled,omitempty"`
+
+ // Name to override the default Service name
+ // +optional
+ Name string `json:"name,omitempty"`
+}
+
+// IsEnabled returns true if the service should be created.
+// nil (not set) defaults to true for backward compatibility.
+func (s *ServiceSpec) IsEnabled() bool {
+ return s.Enabled == nil || *s.Enabled
+}
+
 func init() {
 SchemeBuilder.Register(&AmazonCloudWatchAgent{}, &AmazonCloudWatchAgentList{})
 }
diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go
index 3df978654..d90a7b1f2 100644
--- a/apis/v1alpha2/zz_generated.deepcopy.go
+++ b/apis/v1alpha2/zz_generated.deepcopy.go
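Review bot: The new fields are declared separately in v1alpha1 and v1alpha2, and the diffstat lists no conversion code among the changed files. If objects are converted between the two versions anywhere in the operator (not visible on this page), `Service`, `HeadlessService` and `MonitoringService` have to be copied across explicitly. Because `IsEnabled()` treats a nil `Enabled` as true, a conversion that drops the field would silently recreate a Service the user had set to `enabled: false`. A round-trip test that sets `Enabled` to false in one version and reads it back through the other would pin this; the enclosing struct begins outside the hunk.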
@@ -223,6 +223,9 @@ func (in *AmazonCloudWatchAgentSpec) DeepCopyInto(out *AmazonCloudWatchAgentSpec } in.UpdateStrategy.DeepCopyInto(&out.UpdateStrategy) in.DeploymentUpdateStrategy.DeepCopyInto(&out.DeploymentUpdateStrategy) + in.Service.DeepCopyInto(&out.Service) + in.HeadlessService.DeepCopyInto(&out.HeadlessService) + in.MonitoringService.DeepCopyInto(&out.MonitoringService) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AmazonCloudWatchAgentSpec. @@ -628,3 +631,23 @@ func (in *Sampler) DeepCopy() *Sampler { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceSpec) DeepCopyInto(out *ServiceSpec) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceSpec. +func (in *ServiceSpec) DeepCopy() *ServiceSpec { + if in == nil { + return nil + } + out := new(ServiceSpec) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml index 996fb4315..040335df4 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: amazoncloudwatchagents.cloudwatch.aws.amazon.com spec: group: cloudwatch.aws.amazon.com 
@@ -74,11 +74,9 @@ spec: deployment mode. More info about sidecars: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - Container names managed by the operator: * `otc-container` - Overriding containers managed by the operator is outside the scope of what the maintainers will support and by doing so, you wil accept the risk of it breaking things. items: @@ -98,6 +96,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -111,6 +110,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -146,10 +146,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or @@ -209,10 +212,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its @@ -227,6 +233,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. 
@@ -237,16 +246,19 @@ spec: Cannot be updated. items: description: EnvFromSource represents the source of a set - of ConfigMaps + of ConfigMaps or Secrets properties: configMapRef: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be @@ -255,17 +267,20 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: Optional text to prepend to the name of each + environment variable. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -274,6 +289,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. @@ -302,7 +318,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- 
@@ -314,9 +331,11 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -343,6 +362,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -364,8 +384,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. + description: Sleep represents a duration that the container + should sleep. properties: seconds: description: Seconds is the number of seconds to @@ -378,8 +398,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, @@ -411,7 +431,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -423,9 +444,11 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -452,6 +475,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string 
@@ -473,8 +497,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. + description: Sleep represents a duration that the container + should sleep. properties: seconds: description: Seconds is the number of seconds to @@ -487,8 +511,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, @@ -507,6 +531,12 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: |- @@ -516,7 +546,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- @@ -528,6 +559,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -536,7 +568,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number 
@@ -544,18 +576,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -582,6 +614,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -621,8 +654,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults @@ -726,7 +758,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- @@ -738,6 +771,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -746,7 +780,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number 
@@ -754,18 +788,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -792,6 +826,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -831,8 +866,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults @@ -905,11 +939,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -920,6 +952,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -986,6 +1024,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -999,6 +1061,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -1006,6 +1069,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -1017,7 +1081,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 
@@ -1099,7 +1163,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -1151,7 +1214,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- @@ -1163,6 +1227,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -1171,7 +1236,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -1179,18 +1244,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -1217,6 +1282,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1256,8 +1322,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults 
@@ -1358,6 +1423,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. @@ -1377,6 +1445,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -1386,6 +1456,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -1403,6 +1492,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. 
@@ -1468,11 +1560,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -1500,11 +1594,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -1517,6 +1613,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1561,11 +1658,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -1593,14 +1692,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1661,11 +1763,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -1680,13 +1784,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -1695,13 +1798,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -1741,11 +1843,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1765,6 +1869,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1787,6 +1892,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1836,11 +1942,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -1855,13 +1963,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -1870,13 +1977,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -1915,11 +2021,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1939,6 +2047,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1951,6 +2060,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. @@ -2008,11 +2118,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -2027,13 +2139,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -2042,13 +2153,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -2088,11 +2198,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2112,6 +2224,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -2134,6 +2247,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -2183,11 +2297,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -2202,13 +2318,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -2217,13 +2332,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -2262,11 +2376,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2286,6 +2402,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -2298,6 +2415,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object args: 
@@ -2326,7 +2444,9 @@ spec: policies: description: |- policies is a list of potential scaling polices which can be used during scaling. - At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + If not set, use the default values: + - For scale up: allow doubling the number of pods, or an absolute change of 4 pods in a 15s window. + - For scale down: allow all pods to be removed in a 15s window. items: description: HPAScalingPolicy is a single policy which must hold true for a specified past interval. @@ -2369,6 +2489,24 @@ spec: - For scale down: 300 (i.e. the stabilization window is 300 seconds long). format: int32 type: integer + tolerance: + anyOf: + - type: integer + - type: string + description: |- + tolerance is the tolerance on the ratio between the current and desired + metric value under which no updates are made to the desired number of + replicas (e.g. 0.01 for 1%). Must be greater than or equal to zero. If not + set, the default cluster-wide tolerance is applied (by default 10%). + + For example, if autoscaling is configured with a memory consumption target of 100Mi, + and scale-down and scale-up tolerances of 5% and 1% respectively, scaling will be + triggered when the actual consumption falls below 95Mi or exceeds 101Mi. + + This is an alpha field and requires enabling the HPAConfigurableTolerance + feature gate. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object scaleUp: description: |- 
@@ -2381,7 +2519,9 @@ spec: policies: description: |- policies is a list of potential scaling polices which can be used during scaling. - At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + If not set, use the default values: + - For scale up: allow doubling the number of pods, or an absolute change of 4 pods in a 15s window. + - For scale down: allow all pods to be removed in a 15s window. items: description: HPAScalingPolicy is a single policy which must hold true for a specified past interval. @@ -2424,6 +2564,24 @@ spec: - For scale down: 300 (i.e. the stabilization window is 300 seconds long). format: int32 type: integer + tolerance: + anyOf: + - type: integer + - type: string + description: |- + tolerance is the tolerance on the ratio between the current and desired + metric value under which no updates are made to the desired number of + replicas (e.g. 0.01 for 1%). Must be greater than or equal to zero. If not + set, the default cluster-wide tolerance is applied (by default 10%). + + For example, if autoscaling is configured with a memory consumption target of 100Mi, + and scale-down and scale-up tolerances of 5% and 1% respectively, scaling will be + triggered when the actual consumption falls below 95Mi or exceeds 101Mi. + + This is an alpha field and requires enabling the HPAConfigurableTolerance + feature gate. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object type: object maxReplicas: @@ -2489,11 +2647,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -2605,9 +2765,6 @@ spec: description: |- Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. - --- - TODO: Update this to follow our convention for oneOf, whatever we decide it - to be. properties: maxSurge: anyOf: @@ -2682,10 +2839,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -2744,10 +2904,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must 
@@ -2768,15 +2931,19 @@ spec: These can then in certain cases be consumed in the config file for the Collector. items: description: EnvFromSource represents the source of a set of ConfigMaps + or Secrets properties: configMapRef: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined @@ -2784,17 +2951,20 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. + description: Optional text to prepend to the name of each environment + variable. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined 
@@ -2803,6 +2973,19 @@ spec: x-kubernetes-map-type: atomic type: object type: array + headlessService: + description: HeadlessService to override configuration of the generated + Collector HeadlessService. + properties: + enabled: + description: |- + Enabled indicates whether the Service should be created. + nil means not set (defaults to enabled for backward compatibility) + type: boolean + name: + description: Name to override the default Service name + type: string + type: object hostNetwork: description: HostNetwork indicates if the pod should run in the host networking namespace. @@ -2921,6 +3104,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -2934,6 +3118,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -2969,10 +3154,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or @@ -3032,10 +3220,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its 
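Review bot: The new `headlessService.name` override is declared as a bare `type: string`, so admission accepts any value, including one that is over-long or not a valid DNS label; the same applies to `monitoringService.name` in the later hunk. Presumably the operator uses this value as the generated Service's `metadata.name`, in which case a bad value would only surface as a create failure at reconcile time, and a value equal to the name of another Service in the namespace could collide with it; this is worth confirming against service.go. Adding `maxLength: 63` and `pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$` to both `name` properties would reject such values at the API server. Since this schema appears to be generated from the Go types, the constraint is best expressed as the equivalent kubebuilder MaxLength and Pattern validation markers on `ServiceSpec.Name`, followed by regenerating the CRD.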
@@ -3050,6 +3241,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. @@ -3060,16 +3254,19 @@ spec: Cannot be updated. items: description: EnvFromSource represents the source of a set - of ConfigMaps + of ConfigMaps or Secrets properties: configMapRef: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be @@ -3078,17 +3275,20 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: Optional text to prepend to the name of each + environment variable. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -3097,6 +3297,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. 
@@ -3125,7 +3326,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -3137,9 +3339,11 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -3166,6 +3370,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -3187,8 +3392,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. + description: Sleep represents a duration that the container + should sleep. properties: seconds: description: Seconds is the number of seconds to @@ -3201,8 +3406,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, @@ -3234,7 +3439,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- 
@@ -3246,9 +3452,11 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -3275,6 +3483,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -3296,8 +3505,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. + description: Sleep represents a duration that the container + should sleep. properties: seconds: description: Seconds is the number of seconds to @@ -3310,8 +3519,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, @@ -3330,6 +3539,12 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: |- @@ -3339,7 +3554,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- 
@@ -3351,6 +3567,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -3359,7 +3576,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -3367,18 +3584,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -3405,6 +3622,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -3444,8 +3662,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults @@ -3549,7 +3766,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- @@ -3561,6 +3779,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- 
@@ -3569,7 +3788,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -3577,18 +3796,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -3615,6 +3834,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -3654,8 +3874,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults @@ -3728,11 +3947,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3743,6 +3960,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -3809,6 +4032,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -3822,6 +4069,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -3829,6 +4077,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -3840,7 +4089,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 
@@ -3922,7 +4171,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -3974,7 +4222,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- @@ -3986,6 +4235,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -3994,7 +4244,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -4002,18 +4252,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -4040,6 +4290,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -4079,8 +4330,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults 
@@ -4181,6 +4431,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. @@ -4200,6 +4453,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -4209,6 +4464,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -4226,6 +4500,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. 
@@ -4249,7 +4526,7 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -4261,9 +4538,10 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -4290,6 +4568,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -4311,8 +4590,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container - should sleep before being terminated. + description: Sleep represents a duration that the container + should sleep. properties: seconds: description: Seconds is the number of seconds to sleep. @@ -4324,8 +4603,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, defaults @@ -4357,7 +4636,7 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- 
@@ -4369,9 +4648,10 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -4398,6 +4678,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -4419,8 +4700,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container - should sleep before being terminated. + description: Sleep represents a duration that the container + should sleep. properties: seconds: description: Seconds is the number of seconds to sleep. @@ -4432,8 +4713,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, defaults @@ -4452,6 +4733,12 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: |- 
@@ -4535,6 +4822,19 @@ spec: - sidecar - statefulset type: string + monitoringService: + description: MonitoringService to override configuration of the generated + Collector MonitoringService. + properties: + enabled: + description: |- + Enabled indicates whether the Service should be created. + nil means not set (defaults to enabled for backward compatibility) + type: boolean + name: + description: Name to override the default Service name + type: string + type: object nodeSelector: additionalProperties: type: string 
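Review bot: The new `name` property under `monitoringService` is a bare `type: string` with no length or pattern constraint, although its description says it overrides the generated Service name; the `service` block added further down in this file has the same shape. A value that is not a valid DNS-1035 label would be accepted when the custom resource is admitted and would presumably only fail later, when the operator tries to create the Service. Since this schema looks generated, the constraint belongs on the `Name` field of `ServiceSpec` in the types file, for example `// +kubebuilder:validation:MaxLength=63` and `// +kubebuilder:validation:Pattern="^[a-z]([-a-z0-9]*[a-z0-9])?$"`, followed by regenerating the CRD. The description could also say what happens when two of the three overrides are given the same name, which nothing in the schema prevents.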
@@ -4599,21 +4899,41 @@ spec: amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. - In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 
@@ -4657,6 +4977,32 @@ spec: Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + + "Recursive" means relabeling of all files on all Pod volumes by the container runtime. + This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + This requires all Pods that share the same volume to use the same SELinux label. + It is not possible to share the same volume among privileged and unprivileged Pods. + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes + whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their + CSIDriver instance. Other volumes are always re-labelled recursively. + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. + If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes + and "Recursive" for all other volumes. + + This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + + All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. + Note that this field cannot be set when spec.os.name is windows. + type: string seLinuxOptions: description: |- The SELinux context to be applied to all containers. 
@@ -4700,7 +5046,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 
@@ -4710,17 +5055,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -4740,6 +5096,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. 
@@ -4788,17 +5145,14 @@ spec: This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol. type: string @@ -4896,11 +5250,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4911,6 +5263,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4948,12 +5306,10 @@ spec: SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. properties: 
@@ -4967,6 +5323,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -4979,12 +5359,14 @@ spec: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -4996,7 +5378,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 
@@ -5078,7 +5460,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -5119,6 +5500,19 @@ spec: type: string type: object type: object + service: + description: Service to override configuration of the generated Collector + Service. + properties: + enabled: + description: |- + Enabled indicates whether the Service should be created. + nil means not set (defaults to enabled for backward compatibility) + type: boolean + name: + description: Name to override the default Service name + type: string + type: object serviceAccount: description: |- ServiceAccount indicates the name of an existing service account to use with this instance. When set, @@ -5182,11 +5576,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -5214,11 +5610,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -5231,6 +5629,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -5275,11 +5674,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -5307,14 +5708,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -5377,11 +5781,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5396,13 +5802,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -5411,13 +5816,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -5457,11 +5861,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5481,6 +5887,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -5503,6 +5910,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -5553,11 +5961,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -5572,13 +5982,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -5587,13 +5996,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -5633,11 +6041,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5657,6 +6067,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -5669,6 +6080,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules @@ -5727,11 +6139,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -5746,13 +6160,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -5761,13 +6174,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -5807,11 +6219,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5831,6 +6245,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -5853,6 +6268,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -5903,11 +6319,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -5922,13 +6340,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -5937,13 +6354,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -5983,11 +6399,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6007,6 +6425,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6019,6 +6438,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object allocationStrategy: 
@@ -6067,10 +6487,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -6130,10 +6553,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -6186,7 +6612,6 @@ spec: description: |- Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. - Default: "30s" format: duration type: string @@ -6215,11 +6640,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -6230,6 +6653,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -6267,18 +6696,39 @@ spec: SecurityContext configures the container security context for the target-allocator. properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 
@@ -6322,6 +6772,32 @@ spec: Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + + "Recursive" means relabeling of all files on all Pod volumes by the container runtime. + This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + This requires all Pods that share the same volume to use the same SELinux label. + It is not possible to share the same volume among privileged and unprivileged Pods. + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes + whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their + CSIDriver instance. Other volumes are always re-labelled recursively. + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. + If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes + and "Recursive" for all other volumes. + + This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + + All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. + Note that this field cannot be set when spec.os.name is windows. + type: string seLinuxOptions: description: |- The SELinux context to be applied to all containers. 
@@ -6365,7 +6841,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 
@@ -6375,17 +6850,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -6405,6 +6891,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. 
@@ -6526,11 +7013,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6552,7 +7041,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -6592,7 +7080,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -6601,9 +7088,6 @@ spec: In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer nodeAffinityPolicy: @@ -6613,9 +7097,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string nodeTaintsPolicy: description: |- @@ -6625,9 +7107,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string topologyKey: description: |- 
@@ -6759,11 +7239,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6785,7 +7267,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -6825,7 +7306,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -6834,9 +7314,6 @@ spec: In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer nodeAffinityPolicy: @@ -6846,9 +7323,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string nodeTaintsPolicy: description: |- @@ -6858,9 +7333,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string topologyKey: description: |- 
@@ -6909,12 +7382,8 @@ spec: This is only applicable to Daemonset mode. properties: rollingUpdate: - description: |- - Rolling update config params. Present only if type = "RollingUpdate". - --- - TODO: Update this to follow our convention for oneOf, whatever we decide it - to be. Same as Deployment `strategy.rollingUpdate`. - See https://github.com/kubernetes/kubernetes/issues/35345 + description: Rolling update config params. Present only if type + = "RollingUpdate". properties: maxSurge: anyOf: @@ -7029,6 +7498,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -7168,11 +7638,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7200,8 +7672,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -7226,6 +7698,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: description: |- 
@@ -7240,7 +7713,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus + prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState @@ -7260,12 +7733,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the - given PVC.\n\n\nA controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus\nshould + given PVC.\n\nA controller that receives PVC update with + previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -7284,7 +7757,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nCapacity + prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources 
@@ -7293,12 +7766,12 @@ spec: capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the - requested capacity.\n\n\nA controller that receives PVC + requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -7315,7 +7788,7 @@ spec: conditions: description: |- conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. + resized then the Condition will be set to 'Resizing'. items: description: PersistentVolumeClaimCondition contains details about state of pvc 
@@ -7337,31 +7810,39 @@ spec: reason: description: |- reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "ResizeStarted" that means the underlying + for condition's last transition. If it reports "Resizing" that means the underlying persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). 
properties: status: description: "status is the status of the ControllerModifyVolume @@ -7410,6 +7891,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -7419,6 +7902,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -7448,6 +7950,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: 
@@ -7456,7 +7960,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -7480,8 +7983,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, @@ -7496,6 +8001,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7508,6 +8014,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -7517,8 +8024,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- 
@@ -7537,8 +8046,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -7547,6 +8057,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' @@ -7568,10 +8079,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7586,6 +8100,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -7607,10 +8123,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -7674,11 +8193,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -7688,8 +8211,7 @@ spec: x-kubernetes-map-type: atomic csi: description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). + storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -7711,10 +8233,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7757,8 +8282,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + only annotations, labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema the FieldPath @@ -7817,6 +8342,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- 
@@ -7850,7 +8376,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -7861,17 +8386,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -7885,7 +8407,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -7895,11 +8416,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -7939,6 +8458,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -8083,11 +8603,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -8115,8 +8637,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8142,7 +8664,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -8159,6 +8680,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -8166,11 +8688,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for 
@@ -8202,10 +8726,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8213,9 +8740,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -8231,6 +8758,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -8239,7 +8768,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- 
@@ -8267,7 +8795,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -8291,6 +8819,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -8320,9 +8849,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -8339,6 +8865,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -8359,7 +8920,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -8371,6 +8931,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -8386,6 +8947,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -8396,10 +8958,13 @@ spec: and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8464,8 +9029,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -8481,8 +9047,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- 
@@ -8516,24 +9085,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -8574,11 +9143,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8657,11 +9228,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap 
@@ -8684,7 +9259,7 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, - name and namespace are supported.' + name, namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -8747,6 +9322,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data @@ -8790,11 +9366,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -8833,10 +9413,12 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -8875,6 +9457,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: 
@@ -8883,7 +9466,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -8891,6 +9473,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -8903,7 +9486,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -8923,14 +9508,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -8941,10 +9530,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -8970,10 +9561,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8982,6 +9576,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -9057,6 +9652,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -9068,8 +9664,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -9088,10 +9685,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -9111,8 +9711,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- @@ -9146,6 +9748,9 @@ spec: the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string + required: + - config + - managementState type: object status: description: AmazonCloudWatchAgentStatus defines the observed state of diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_dcgmexporters.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_dcgmexporters.yaml index e90f9dde7..4c667e7ca 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_dcgmexporters.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_dcgmexporters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: dcgmexporters.cloudwatch.aws.amazon.com spec: group: cloudwatch.aws.amazon.com @@ -114,11 +114,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -146,11 +148,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -163,6 +167,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -207,11 +212,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -239,14 +246,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -307,11 +317,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -326,13 +338,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -341,13 +352,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -387,11 +397,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -411,6 +423,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -433,6 +446,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -482,11 +496,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -501,13 +517,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -516,13 +531,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -561,11 +575,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -585,6 +601,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -597,6 +614,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. @@ -654,11 +672,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -673,13 +693,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -688,13 +707,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -734,11 +752,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -758,6 +778,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -780,6 +801,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -829,11 +851,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -848,13 +872,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -863,13 +886,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -908,11 +930,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -932,6 +956,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -944,6 +969,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object args: 
@@ -986,10 +1012,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1048,10 +1077,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1095,17 +1127,14 @@ spec: This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -1167,11 +1196,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1182,6 +1209,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1220,7 +1253,6 @@ spec: the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. properties: @@ -1234,6 +1266,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. 
@@ -1246,12 +1302,14 @@ spec: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -1263,7 +1321,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -1345,7 +1403,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -1454,6 +1511,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. 
@@ -1463,6 +1522,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -1492,6 +1570,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -1500,7 +1580,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- 
@@ -1524,8 +1603,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, @@ -1540,6 +1621,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -1552,6 +1634,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -1561,8 +1644,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -1581,8 +1666,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -1591,6 +1677,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' 
@@ -1612,10 +1699,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1630,6 +1720,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -1651,10 +1743,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1718,11 +1813,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its 
@@ -1732,8 +1831,7 @@ spec: x-kubernetes-map-type: atomic csi: description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). + storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -1755,10 +1853,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1801,8 +1902,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + only annotations, labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema the FieldPath @@ -1861,6 +1962,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -1894,7 +1996,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity 
@@ -1905,17 +2006,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -1929,7 +2027,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -1939,11 +2036,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -1983,6 +2078,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -2127,11 +2223,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -2159,8 +2257,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -2186,7 +2284,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2203,6 +2300,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -2210,11 +2308,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for 
@@ -2246,10 +2346,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2257,9 +2360,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -2275,6 +2378,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -2283,7 +2388,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- 
@@ -2311,7 +2415,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -2335,6 +2439,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -2364,9 +2469,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -2383,6 +2485,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -2403,7 +2540,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -2415,6 +2551,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -2430,6 +2567,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -2440,10 +2578,13 @@ spec: and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2508,8 +2649,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -2525,8 +2667,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- 
@@ -2560,24 +2705,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -2618,11 +2763,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2701,11 +2848,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap 
@@ -2728,7 +2879,7 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, - name and namespace are supported.' + name, namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -2791,6 +2942,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data @@ -2834,11 +2986,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -2877,10 +3033,12 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -2919,6 +3077,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: 
@@ -2927,7 +3086,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -2935,6 +3093,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -2947,7 +3106,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -2967,14 +3128,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -2985,10 +3150,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -3014,10 +3181,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3026,6 +3196,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -3101,6 +3272,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -3112,8 +3284,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -3132,10 +3305,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -3155,8 +3331,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- @@ -3184,6 +3362,8 @@ spec: type: object type: array x-kubernetes-list-type: atomic + required: + - metricsConfig type: object status: description: DcgmExporterStatus defines the observed state of DcgmExporter. diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_instrumentations.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_instrumentations.yaml index d759cd265..4ce4cda77 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_instrumentations.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_instrumentations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: instrumentations.cloudwatch.aws.amazon.com spec: group: cloudwatch.aws.amazon.com @@ -95,10 +95,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its 
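Review bot: The `required: - metricsConfig` entry added at the end of the DcgmExporter spec schema (hunk `@@ -3184,6 +3362,8 @@`) tightens validation on a CRD that the commit description, which only covers the Collector services, does not mention. It looks like a side effect of regenerating with controller-gen v0.18.0 rather than an intended API change, though the Go type is outside this hunk, so confirm that first. Once this CRD is applied, a DcgmExporter object without `spec.metricsConfig` would presumably be rejected on create and update, which can block reconciliation of objects that were valid before. If the field is meant to stay optional, mark the Go field with `// +optional` and regenerate; if the requirement is intended, state it in the description and check the NeuronMonitor CRD for the same change.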
@@ -158,10 +161,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -217,10 +223,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -280,10 +289,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -309,11 +321,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -324,6 +334,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -409,10 +425,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -472,10 +491,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -501,11 +523,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -516,6 +536,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -593,10 +619,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -655,10 +684,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -723,10 +755,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its 
@@ -786,10 +821,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -815,11 +853,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -830,6 +866,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -911,10 +953,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its 
@@ -974,10 +1019,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1004,11 +1052,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1019,6 +1065,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1100,10 +1152,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its 
@@ -1163,10 +1218,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1222,10 +1280,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -1285,10 +1346,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1314,11 +1378,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -1329,6 +1391,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1410,10 +1478,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -1473,10 +1544,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1502,11 +1576,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -1517,6 +1589,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1616,10 +1694,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -1679,10 +1760,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1708,11 +1792,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -1723,6 +1805,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_neuronmonitors.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_neuronmonitors.yaml index f523ed2a4..2729a59e5 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_neuronmonitors.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_neuronmonitors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: neuronmonitors.cloudwatch.aws.amazon.com spec: group: cloudwatch.aws.amazon.com @@ -114,11 +114,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -146,11 +148,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -163,6 +167,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -207,11 +212,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -239,14 +246,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -307,11 +317,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -326,13 +338,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -341,13 +352,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -387,11 +397,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -411,6 +423,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -433,6 +446,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -482,11 +496,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -501,13 +517,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -516,13 +531,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -561,11 +575,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -585,6 +601,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -597,6 +614,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. @@ -654,11 +672,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -673,13 +693,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -688,13 +707,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -734,11 +752,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -758,6 +778,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -780,6 +801,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -829,11 +851,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -848,13 +872,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array 
@@ -863,13 +886,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array @@ -908,11 +930,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -932,6 +956,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -944,6 +969,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object args: 
@@ -999,10 +1025,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1061,10 +1090,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1108,17 +1140,14 @@ spec: This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -1180,11 +1209,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1195,6 +1222,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1232,12 +1265,10 @@ spec: SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. properties: 
@@ -1251,6 +1282,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -1263,12 +1318,14 @@ spec: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -1280,7 +1337,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 
@@ -1362,7 +1419,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -1467,6 +1523,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -1476,6 +1534,25 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. 
@@ -1505,6 +1582,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -1513,7 +1592,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -1537,8 +1615,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, @@ -1553,6 +1633,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -1565,6 +1646,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -1574,8 +1656,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -1594,8 +1678,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -1604,6 +1689,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' @@ -1625,10 +1711,13 @@ spec: More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1643,6 +1732,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: 
@@ -1664,10 +1755,13 @@ spec: to OpenStack. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1731,11 +1825,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -1745,8 +1843,7 @@ spec: x-kubernetes-map-type: atomic csi: description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). + storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -1768,10 +1865,13 @@ spec: secret object contains more than one secret, all secret references are passed. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -1814,8 +1914,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + only annotations, labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema the FieldPath @@ -1874,6 +1974,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -1907,7 +2008,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -1918,17 +2018,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -1942,7 +2039,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -1952,11 +2048,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: 
@@ -1996,6 +2090,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -2140,11 +2235,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2172,8 +2269,8 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -2199,7 +2296,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2216,6 +2312,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -2223,11 +2320,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for 
@@ -2259,10 +2358,13 @@ spec: scripts. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2270,9 +2372,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -2288,6 +2390,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -2296,7 +2400,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- 
@@ -2324,7 +2427,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -2348,6 +2451,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -2377,9 +2481,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- 
@@ -2396,6 +2497,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -2416,7 +2552,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -2428,6 +2563,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -2443,6 +2579,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. 
@@ -2453,10 +2590,13 @@ spec: and initiator authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2521,8 +2661,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -2538,8 +2679,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- 
@@ -2573,24 +2717,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -2631,11 +2775,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2714,11 +2860,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap 
@@ -2741,7 +2891,7 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, - name and namespace are supported.' + name, namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -2804,6 +2954,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data @@ -2847,11 +2998,15 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -2890,10 +3045,12 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -2932,6 +3089,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: 
@@ -2940,7 +3098,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -2948,6 +3105,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -2960,7 +3118,9 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -2980,14 +3140,18 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -2998,10 +3162,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. 
@@ -3027,10 +3193,13 @@ spec: sensitive information. If this is not provided, Login operation will fail. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3039,6 +3208,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -3114,6 +3284,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -3125,8 +3296,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -3145,10 +3317,13 @@ spec: credentials. If not specified, default values will be attempted. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -3168,8 +3343,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- @@ -3197,6 +3374,8 @@ spec: type: object type: array x-kubernetes-list-type: atomic + required: + - monitorConfig type: object status: description: NeuronMonitorStatus defines the observed state of NeuronMonitor. diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 8eb1a1075..9587769ba 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -72,6 +72,9 @@ rules: - cloudwatch.aws.amazon.com resources: - amazoncloudwatchagents + - dcgmexporters + - instrumentations + - neuronmonitors verbs: - get - list 
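Review bot: Both `config/rbac/role.yaml` hunks fold several resources into one rule whose full verb list lies outside the hunk, so the diff alone does not show that the grant is unchanged. The rule at `amazoncloudwatchagents` shows only `get` and `list`, and the merged `*/finalizers` and `*/status` rule in the following hunk shows only `get`. The removed per-resource rules granted `get, list, patch, update, watch` on the resources and `get, patch, update` on the subresources, so the merge is permission-neutral only if the surviving lists are exactly those. This is worth confirming against the full file or the rendered role before merging, since any broader verb on the shared rule would now also apply to `dcgmexporters`, `instrumentations` and `neuronmonitors`. The regrouping is unrelated to the Service options named in the commit subject and looks like regenerated output; if so, the commit description should say which generator version produced it.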
@@ -82,75 +85,10 @@ rules: - cloudwatch.aws.amazon.com resources: - amazoncloudwatchagents/finalizers - verbs: - - get - - patch - - update -- apiGroups: - - cloudwatch.aws.amazon.com - resources: - amazoncloudwatchagents/status - verbs: - - get - - patch - - update -- apiGroups: - - cloudwatch.aws.amazon.com - resources: - - dcgmexporters - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cloudwatch.aws.amazon.com - resources: - dcgmexporters/finalizers - verbs: - - get - - patch - - update -- apiGroups: - - cloudwatch.aws.amazon.com - resources: - dcgmexporters/status - verbs: - - get - - patch - - update -- apiGroups: - - cloudwatch.aws.amazon.com - resources: - - instrumentations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cloudwatch.aws.amazon.com - resources: - - neuronmonitors - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cloudwatch.aws.amazon.com - resources: - neuronmonitors/finalizers - verbs: - - get - - patch - - update -- apiGroups: - - cloudwatch.aws.amazon.com - resources: - neuronmonitors/status verbs: - get diff --git a/docs/api.md b/docs/api.md index a3c53dcbe..bbb12bbd9 100644 --- a/docs/api.md +++ b/docs/api.md @@ -90,6 +90,24 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. + config + string + + Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details.
+ + true + + managementState + enum + + ManagementState defines if the CR should be managed by the operator or not. +Default is managed.
+
+ Enum: managed, unmanaged
+ Default: managed
+ + true + additionalContainers []object @@ -100,11 +118,9 @@ applies to Deployment, DaemonSet, and StatefulSet deployment modes of the collec deployment mode. More info about sidecars: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - Container names managed by the operator: * `otc-container` - Overriding containers managed by the operator is outside the scope of what the maintainers will support and by doing so, you wil accept the risk of it breaking things.
@@ -131,13 +147,6 @@ doing so, you wil accept the risk of it breaking things.
for the AmazonCloudWatchAgent workload.
false - - config - string - - Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details.
- - false configmaps []object @@ -172,6 +181,13 @@ consumed in the config file for the Collector.
These can then in certain cases be consumed in the config file for the Collector.
false + + headlessService + object + + HeadlessService to override configuration of the generated Collector HeadlessService.
+ + false hostNetwork boolean @@ -228,17 +244,6 @@ https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
false - - managementState - enum - - ManagementState defines if the CR should be managed by the operator or not. -Default is managed.
-
- Enum: managed, unmanaged
- Default: managed
- - false maxReplicas integer @@ -268,6 +273,13 @@ Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.
Enum: daemonset, deployment, sidecar, statefulset
false + + monitoringService + object + + MonitoringService to override configuration of the generated Collector MonitoringService.
+ + false nodeSelector map[string]string @@ -314,7 +326,6 @@ for the AmazonCloudWatchAgent workload.
amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. - In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
false @@ -366,16 +377,21 @@ default.
SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container.
false + + service + object + + Service to override configuration of the generated Collector Service.
+ + false serviceAccount string @@ -877,8 +893,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -997,8 +1017,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -1017,7 +1041,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-EnvFromSource represents the source of a set of ConfigMaps +EnvFromSource represents the source of a set of ConfigMaps or Secrets @@ -1039,7 +1063,7 @@ EnvFromSource represents the source of a set of ConfigMaps @@ -1074,8 +1098,12 @@ The ConfigMap to select from @@ -1110,8 +1138,12 @@ The Secret to select from @@ -1167,6 +1199,15 @@ or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ + + + +
prefix string - An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
stopSignalstring + StopSignal defines which signal will be sent to a container when it is being stopped. +If not specified, the default is defined by the container runtime in use. +StopSignal can only be set for Pods with a non-empty .spec.os.name
+
false
@@ -1194,21 +1235,21 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false sleep object - Sleep represents the duration that the container should sleep before being terminated.
+ Sleep represents a duration that the container should sleep.
false @@ -1216,8 +1257,8 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho object Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
false @@ -1229,7 +1270,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified.
-Exec specifies the action to take. +Exec specifies a command to execute in the container. @@ -1260,7 +1301,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
@@ -1354,7 +1395,7 @@ This will be canonicalized upon output, so case-variant names will be understood -Sleep represents the duration that the container should sleep before being terminated. +Sleep represents a duration that the container should sleep.
@@ -1384,8 +1425,8 @@ Sleep represents the duration that the container should sleep before being termi Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
@@ -1444,21 +1485,21 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -1466,8 +1507,8 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -1479,7 +1520,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified.
-Exec specifies the action to take. +Exec specifies a command to execute in the container.
exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false
httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false
sleep object - Sleep represents the duration that the container should sleep before being terminated.
+ Sleep represents a duration that the container should sleep.
false
object Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
false
@@ -1510,7 +1551,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
@@ -1604,7 +1645,7 @@ This will be canonicalized upon output, so case-variant names will be understood -Sleep represents the duration that the container should sleep before being terminated. +Sleep represents a duration that the container should sleep.
@@ -1634,8 +1675,8 @@ Sleep represents the duration that the container should sleep before being termi Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
@@ -1689,7 +1730,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -1706,14 +1747,14 @@ Defaults to 3. Minimum value is 1.
@@ -1750,7 +1791,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
@@ -1791,7 +1832,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont -Exec specifies the action to take. +Exec specifies a command to execute in the container.
exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false
grpc object - GRPC specifies an action involving a GRPC port.
+ GRPC specifies a GRPC HealthCheckRequest.
false
httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false
tcpSocket object - TCPSocket specifies an action involving a TCP port.
+ TCPSocket specifies a connection to a TCP port.
false
@@ -1822,7 +1863,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-GRPC specifies an action involving a GRPC port. +GRPC specifies a GRPC HealthCheckRequest.
@@ -1849,8 +1890,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
@@ -1862,7 +1904,7 @@ If this is not specified, the default behavior is defined by gRPC.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
false
@@ -1956,7 +1998,7 @@ This will be canonicalized upon output, so case-variant names will be understood -TCPSocket specifies an action involving a TCP port. +TCPSocket specifies a connection to a TCP port.
@@ -2078,7 +2120,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -2095,14 +2137,14 @@ Defaults to 3. Minimum value is 1.
@@ -2139,7 +2181,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
@@ -2180,7 +2222,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont -Exec specifies the action to take. +Exec specifies a command to execute in the container.
exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false
grpc object - GRPC specifies an action involving a GRPC port.
+ GRPC specifies a GRPC HealthCheckRequest.
false
httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false
tcpSocket object - TCPSocket specifies an action involving a TCP port.
+ TCPSocket specifies a connection to a TCP port.
false
@@ -2211,7 +2253,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-GRPC specifies an action involving a GRPC port. +GRPC specifies a GRPC HealthCheckRequest.
@@ -2238,8 +2280,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
@@ -2251,7 +2294,7 @@ If this is not specified, the default behavior is defined by gRPC.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
false
@@ -2345,7 +2388,7 @@ This will be canonicalized upon output, so case-variant names will be understood -TCPSocket specifies an action involving a TCP port. +TCPSocket specifies a connection to a TCP port.
@@ -2437,11 +2480,9 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
@@ -2492,6 +2533,15 @@ the Pod where this field is used. It makes that resource available inside a container.
+ + + + +
false true
requeststring + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+
false
@@ -2524,6 +2574,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -2551,7 +2610,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -2639,6 +2698,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### AmazonCloudWatchAgent.spec.additionalContainers[index].securityContext.appArmorProfile +[↩ Parent](#amazoncloudwatchagentspecadditionalcontainersindexsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### AmazonCloudWatchAgent.spec.additionalContainers[index].securityContext.capabilities [↩ Parent](#amazoncloudwatchagentspecadditionalcontainersindexsecuritycontext) @@ -2753,7 +2855,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -2858,7 +2959,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false @@ -2875,14 +2976,14 @@ Defaults to 3. Minimum value is 1.
grpc object - GRPC specifies an action involving a GRPC port.
+ GRPC specifies a GRPC HealthCheckRequest.
false httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false @@ -2919,7 +3020,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
tcpSocket object - TCPSocket specifies an action involving a TCP port.
+ TCPSocket specifies a connection to a TCP port.
false @@ -2960,7 +3061,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont -Exec specifies the action to take. +Exec specifies a command to execute in the container. @@ -2991,7 +3092,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-GRPC specifies an action involving a GRPC port. +GRPC specifies a GRPC HealthCheckRequest.
@@ -3018,8 +3119,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
@@ -3031,7 +3133,7 @@ If this is not specified, the default behavior is defined by gRPC.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
false
@@ -3125,7 +3227,7 @@ This will be canonicalized upon output, so case-variant names will be understood -TCPSocket specifies an action involving a TCP port. +TCPSocket specifies a connection to a TCP port.
@@ -3228,7 +3330,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
@@ -3239,6 +3343,28 @@ This field is beta in 1.10.
Defaults to false.
+ + + + + @@ -3800,13 +3926,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
@@ -3815,13 +3940,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature @@ -4064,13 +4188,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
@@ -4079,13 +4202,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature @@ -4408,13 +4530,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
@@ -4423,13 +4544,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature @@ -4672,13 +4792,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
@@ -4687,13 +4806,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature @@ -5031,7 +5149,9 @@ the last 300sec is used). @@ -5056,6 +5176,23 @@ If not set, use the default values: Format: int32
+ + + + +
false
false
recursiveReadOnlystring + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+
false
subPath string MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false
[]object policies is a list of potential scaling polices which can be used during scaling. -At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+If not set, use the default values: +- For scale up: allow doubling the number of pods, or an absolute change of 4 pods in a 15s window. +- For scale down: allow all pods to be removed in a 15s window.
false
false
toleranceint or string + tolerance is the tolerance on the ratio between the current and desired +metric value under which no updates are made to the desired number of +replicas (e.g. 0.01 for 1%). Must be greater than or equal to zero. If not +set, the default cluster-wide tolerance is applied (by default 10%). + +For example, if autoscaling is configured with a memory consumption target of 100Mi, +and scale-down and scale-up tolerances of 5% and 1% respectively, scaling will be +triggered when the actual consumption falls below 95Mi or exceeds 101Mi. + +This is an alpha field and requires enabling the HPAConfigurableTolerance +feature gate.
+
false
@@ -5132,7 +5269,9 @@ No stabilization is used. []object policies is a list of potential scaling polices which can be used during scaling. -At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+If not set, use the default values: +- For scale up: allow doubling the number of pods, or an absolute change of 4 pods in a 15s window. +- For scale down: allow all pods to be removed in a 15s window.
false @@ -5157,6 +5296,23 @@ If not set, use the default values: Format: int32
false + + tolerance + int or string + + tolerance is the tolerance on the ratio between the current and desired +metric value under which no updates are made to the desired number of +replicas (e.g. 0.01 for 1%). Must be greater than or equal to zero. If not +set, the default cluster-wide tolerance is applied (by default 10%). + +For example, if autoscaling is configured with a memory consumption target of 100Mi, +and scale-down and scale-up tolerances of 5% and 1% respectively, scaling will be +triggered when the actual consumption falls below 95Mi or exceeds 101Mi. + +This is an alpha field and requires enabling the HPAConfigurableTolerance +feature gate.
+ + false @@ -5515,10 +5671,7 @@ This is only applicable to Deployment mode. object Rolling update config params. Present only if DeploymentStrategyType = -RollingUpdate. ---- -TODO: Update this to follow our convention for oneOf, whatever we decide it -to be.
+RollingUpdate.
false @@ -5539,9 +5692,6 @@ to be.
Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. ---- -TODO: Update this to follow our convention for oneOf, whatever we decide it -to be. @@ -5716,8 +5866,12 @@ Selects a key of a ConfigMap. @@ -5836,8 +5990,12 @@ Selects a key of a secret in the pod's namespace @@ -5856,7 +6014,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-EnvFromSource represents the source of a set of ConfigMaps +EnvFromSource represents the source of a set of ConfigMaps or Secrets
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -5878,7 +6036,7 @@ EnvFromSource represents the source of a set of ConfigMaps @@ -5913,8 +6071,12 @@ The ConfigMap to select from @@ -5949,8 +6111,12 @@ The Secret to select from @@ -5964,6 +6130,41 @@ TODO: Add other useful fields. apiVersion, kind, uid?
prefix string - An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
+### AmazonCloudWatchAgent.spec.headlessService +[↩ Parent](#amazoncloudwatchagentspec) + + + +HeadlessService to override configuration of the generated Collector HeadlessService. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Enabled indicates whether the Service should be created. +nil means not set (defaults to enabled for backward compatibility)
+
false
namestring + Name to override the default Service name
+
false
+ + ### AmazonCloudWatchAgent.spec.ingress [↩ Parent](#amazoncloudwatchagentspec) @@ -6524,8 +6725,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -6644,8 +6849,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -6664,7 +6873,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-EnvFromSource represents the source of a set of ConfigMaps +EnvFromSource represents the source of a set of ConfigMaps or Secrets @@ -6686,7 +6895,7 @@ EnvFromSource represents the source of a set of ConfigMaps @@ -6721,8 +6930,12 @@ The ConfigMap to select from @@ -6757,8 +6970,12 @@ The Secret to select from @@ -6814,6 +7031,15 @@ or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ + + + +
prefix string - An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
false
stopSignalstring + StopSignal defines which signal will be sent to a container when it is being stopped. +If not specified, the default is defined by the container runtime in use. +StopSignal can only be set for Pods with a non-empty .spec.os.name
+
false
@@ -6841,21 +7067,21 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false sleep object - Sleep represents the duration that the container should sleep before being terminated.
+ Sleep represents a duration that the container should sleep.
false @@ -6863,8 +7089,8 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho object Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
false @@ -6876,7 +7102,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified.
-Exec specifies the action to take. +Exec specifies a command to execute in the container. @@ -6907,7 +7133,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
@@ -7001,7 +7227,7 @@ This will be canonicalized upon output, so case-variant names will be understood -Sleep represents the duration that the container should sleep before being terminated. +Sleep represents a duration that the container should sleep.
@@ -7031,8 +7257,8 @@ Sleep represents the duration that the container should sleep before being termi Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
@@ -7091,21 +7317,21 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -7113,8 +7339,8 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -7126,7 +7352,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified.
-Exec specifies the action to take. +Exec specifies a command to execute in the container.
exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false
httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false
sleep object - Sleep represents the duration that the container should sleep before being terminated.
+ Sleep represents a duration that the container should sleep.
false
object Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
false
@@ -7157,7 +7383,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
@@ -7251,7 +7477,7 @@ This will be canonicalized upon output, so case-variant names will be understood -Sleep represents the duration that the container should sleep before being terminated. +Sleep represents a duration that the container should sleep.
@@ -7281,8 +7507,8 @@ Sleep represents the duration that the container should sleep before being termi Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
@@ -7336,7 +7562,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -7353,14 +7579,14 @@ Defaults to 3. Minimum value is 1.
@@ -7397,7 +7623,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
@@ -7438,7 +7664,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont -Exec specifies the action to take. +Exec specifies a command to execute in the container.
exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false
grpc object - GRPC specifies an action involving a GRPC port.
+ GRPC specifies a GRPC HealthCheckRequest.
false
httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false
tcpSocket object - TCPSocket specifies an action involving a TCP port.
+ TCPSocket specifies a connection to a TCP port.
false
@@ -7469,7 +7695,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-GRPC specifies an action involving a GRPC port. +GRPC specifies a GRPC HealthCheckRequest.
@@ -7496,8 +7722,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
@@ -7509,7 +7736,7 @@ If this is not specified, the default behavior is defined by gRPC.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
false
@@ -7603,7 +7830,7 @@ This will be canonicalized upon output, so case-variant names will be understood -TCPSocket specifies an action involving a TCP port. +TCPSocket specifies a connection to a TCP port.
@@ -7725,7 +7952,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -7742,14 +7969,14 @@ Defaults to 3. Minimum value is 1.
@@ -7786,7 +8013,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
@@ -7827,7 +8054,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont -Exec specifies the action to take. +Exec specifies a command to execute in the container.
exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false
grpc object - GRPC specifies an action involving a GRPC port.
+ GRPC specifies a GRPC HealthCheckRequest.
false
httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false
tcpSocket object - TCPSocket specifies an action involving a TCP port.
+ TCPSocket specifies a connection to a TCP port.
false
@@ -7858,7 +8085,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-GRPC specifies an action involving a GRPC port. +GRPC specifies a GRPC HealthCheckRequest.
@@ -7885,8 +8112,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
@@ -7898,7 +8126,7 @@ If this is not specified, the default behavior is defined by gRPC.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
false
@@ -7992,7 +8220,7 @@ This will be canonicalized upon output, so case-variant names will be understood -TCPSocket specifies an action involving a TCP port. +TCPSocket specifies a connection to a TCP port.
@@ -8084,11 +8312,9 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
@@ -8139,6 +8365,15 @@ the Pod where this field is used. It makes that resource available inside a container.
+ + + + +
false true
requeststring + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+
false
@@ -8171,6 +8406,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -8198,7 +8442,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -8286,6 +8530,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### AmazonCloudWatchAgent.spec.initContainers[index].securityContext.appArmorProfile +[↩ Parent](#amazoncloudwatchagentspecinitcontainersindexsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### AmazonCloudWatchAgent.spec.initContainers[index].securityContext.capabilities [↩ Parent](#amazoncloudwatchagentspecinitcontainersindexsecuritycontext) @@ -8400,7 +8687,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -8505,7 +8791,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false @@ -8522,14 +8808,14 @@ Defaults to 3. Minimum value is 1.
grpc object - GRPC specifies an action involving a GRPC port.
+ GRPC specifies a GRPC HealthCheckRequest.
false httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false @@ -8566,7 +8852,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
tcpSocket object - TCPSocket specifies an action involving a TCP port.
+ TCPSocket specifies a connection to a TCP port.
false @@ -8607,7 +8893,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont -Exec specifies the action to take. +Exec specifies a command to execute in the container. @@ -8638,7 +8924,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-GRPC specifies an action involving a GRPC port. +GRPC specifies a GRPC HealthCheckRequest.
@@ -8665,8 +8951,9 @@ GRPC specifies an action involving a GRPC port. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
@@ -8678,7 +8965,7 @@ If this is not specified, the default behavior is defined by gRPC.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
false
@@ -8772,7 +9059,7 @@ This will be canonicalized upon output, so case-variant names will be understood -TCPSocket specifies an action involving a TCP port. +TCPSocket specifies a connection to a TCP port.
@@ -8875,7 +9162,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
@@ -8886,6 +9175,28 @@ This field is beta in 1.10.
Defaults to false.
+ + + + + @@ -8949,6 +9260,15 @@ or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ + + + +
false
false
recursiveReadOnlystring + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+
false
subPath string false
stopSignalstring + StopSignal defines which signal will be sent to a container when it is being stopped. +If not specified, the default is defined by the container runtime in use. +StopSignal can only be set for Pods with a non-empty .spec.os.name
+
false
@@ -8976,21 +9296,21 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false sleep object - Sleep represents the duration that the container should sleep before being terminated.
+ Sleep represents a duration that the container should sleep.
false @@ -8998,8 +9318,8 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho object Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
false @@ -9011,7 +9331,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified.
-Exec specifies the action to take. +Exec specifies a command to execute in the container. @@ -9042,7 +9362,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
@@ -9136,7 +9456,7 @@ This will be canonicalized upon output, so case-variant names will be understood -Sleep represents the duration that the container should sleep before being terminated. +Sleep represents a duration that the container should sleep.
@@ -9166,8 +9486,8 @@ Sleep represents the duration that the container should sleep before being termi Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
@@ -9226,21 +9546,21 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -9248,8 +9568,8 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -9261,7 +9581,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified.
-Exec specifies the action to take. +Exec specifies a command to execute in the container.
exec object - Exec specifies the action to take.
+ Exec specifies a command to execute in the container.
false
httpGet object - HTTPGet specifies the http request to perform.
+ HTTPGet specifies an HTTP GET request to perform.
false
sleep object - Sleep represents the duration that the container should sleep before being terminated.
+ Sleep represents a duration that the container should sleep.
false
object Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
false
@@ -9292,7 +9612,7 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-HTTPGet specifies the http request to perform. +HTTPGet specifies an HTTP GET request to perform.
@@ -9386,7 +9706,7 @@ This will be canonicalized upon output, so case-variant names will be understood -Sleep represents the duration that the container should sleep before being terminated. +Sleep represents a duration that the container should sleep.
@@ -9416,8 +9736,8 @@ Sleep represents the duration that the container should sleep before being termi Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +for backward compatibility. There is no validation of this field and +lifecycle hooks will fail at runtime when it is specified.
@@ -9539,6 +9859,41 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont
+### AmazonCloudWatchAgent.spec.monitoringService +[↩ Parent](#amazoncloudwatchagentspec) + + + +MonitoringService to override configuration of the generated Collector MonitoringService. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Enabled indicates whether the Service should be created. +nil means not set (defaults to enabled for backward compatibility)
+
false
namestring + Name to override the default Service name
+
false
+ + ### AmazonCloudWatchAgent.spec.observability [↩ Parent](#amazoncloudwatchagentspec) @@ -9644,7 +9999,6 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. - In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. @@ -9657,6 +10011,14 @@ In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. + + + + + + + + + + @@ -9753,12 +10142,25 @@ Note that this field cannot be set when spec.os.name is windows.
+ + + + + @@ -9785,6 +10187,48 @@ Note that this field cannot be set when spec.os.name is linux.
appArmorProfileobject + appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
+
false
fsGroup integer @@ -9664,12 +10026,10 @@ In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

@@ -9729,6 +10089,35 @@ Note that this field cannot be set when spec.os.name is windows.
Format: int64
false
seLinuxChangePolicystring + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. +It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. +Valid values are "MountOption" and "Recursive". + +"Recursive" means relabeling of all files on all Pod volumes by the container runtime. +This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + +"MountOption" mounts all eligible Pod volumes with `-o context` mount option. +This requires all Pods that share the same volume to use the same SELinux label. +It is not possible to share the same volume among privileged and unprivileged Pods. +Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes +whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their +CSIDriver instance. Other volumes are always re-labelled recursively. +"MountOption" value is allowed only when SELinuxMount feature gate is enabled. + +If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. +If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes +and "Recursive" for all other volumes. + +This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + +All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. +Note that this field cannot be set when spec.os.name is windows.
+
false
seLinuxOptions object supplementalGroups []integer - A list of groups applied to the first process run in each container, in addition -to the container's primary GID, the fsGroup (if specified), and group memberships -defined in the container image for the uid of the container process. If unspecified, -no additional groups are added to any container. Note that group memberships -defined in the container image for the uid of the container process are still effective, -even if they are not included in this list. + A list of groups applied to the first process run in each container, in +addition to the container's primary GID and fsGroup (if specified). If +the SupplementalGroupsPolicy feature is enabled, the +supplementalGroupsPolicy field determines whether these are in addition +to or instead of any group memberships defined in the container image. +If unspecified, no additional groups are added, though group memberships +defined in the container image may still be used, depending on the +supplementalGroupsPolicy field. +Note that this field cannot be set when spec.os.name is windows.
+
false
supplementalGroupsPolicystring + Defines how supplemental groups of the first container processes are calculated. +Valid values are "Merge" and "Strict". If not specified, "Merge" is used. +(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled +and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
false
+### AmazonCloudWatchAgent.spec.podSecurityContext.appArmorProfile +[↩ Parent](#amazoncloudwatchagentspecpodsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### AmazonCloudWatchAgent.spec.podSecurityContext.seLinuxOptions [↩ Parent](#amazoncloudwatchagentspecpodsecuritycontext) @@ -9862,7 +10306,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -10009,17 +10452,14 @@ This is used as a hint for implementations to offer richer behavior for protocol This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
@@ -10165,11 +10605,9 @@ Resources to set on the OpenTelemetry Collector pods. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -10220,6 +10658,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -10232,12 +10679,10 @@ inside a container.
SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. @@ -10260,6 +10705,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -10287,7 +10741,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -10375,6 +10829,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### AmazonCloudWatchAgent.spec.securityContext.appArmorProfile +[↩ Parent](#amazoncloudwatchagentspecsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### AmazonCloudWatchAgent.spec.securityContext.capabilities [↩ Parent](#amazoncloudwatchagentspecsecuritycontext) @@ -10489,7 +10986,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -10568,6 +11064,41 @@ PodSecurityContext, the value specified in SecurityContext takes precedence.
+### AmazonCloudWatchAgent.spec.service +[↩ Parent](#amazoncloudwatchagentspec) + + + +Service to override configuration of the generated Collector Service. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Enabled indicates whether the Service should be created. +nil means not set (defaults to enabled for backward compatibility)
+
false
namestring + Name to override the default Service name
+
false
+ + ### AmazonCloudWatchAgent.spec.targetAllocator [↩ Parent](#amazoncloudwatchagentspec) @@ -11242,13 +11773,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false @@ -11257,13 +11787,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false @@ -11506,13 +12035,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false @@ -11521,13 +12049,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false @@ -11850,13 +12377,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false @@ -11865,13 +12391,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false @@ -12114,13 +12639,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false @@ -12129,13 +12653,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false @@ -12459,8 +12982,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -12579,8 +13106,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -12633,7 +13164,6 @@ PodMonitor's meta labels. The requirements are ANDed.
Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. - Default: "30s"

Format: duration
@@ -12676,11 +13206,9 @@ Resources to set on the OpenTelemetryTargetAllocator containers. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -12731,6 +13259,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -12753,6 +13290,14 @@ the target-allocator. + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
+ + false + fsGroup integer @@ -12760,12 +13305,10 @@ the target-allocator. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

@@ -12825,6 +13368,35 @@ Note that this field cannot be set when spec.os.name is windows.
Format: int64
false + + seLinuxChangePolicy + string + + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. +It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. +Valid values are "MountOption" and "Recursive". + +"Recursive" means relabeling of all files on all Pod volumes by the container runtime. +This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + +"MountOption" mounts all eligible Pod volumes with `-o context` mount option. +This requires all Pods that share the same volume to use the same SELinux label. +It is not possible to share the same volume among privileged and unprivileged Pods. +Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes +whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their +CSIDriver instance. Other volumes are always re-labelled recursively. +"MountOption" value is allowed only when SELinuxMount feature gate is enabled. + +If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. +If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes +and "Recursive" for all other volumes. + +This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + +All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. +Note that this field cannot be set when spec.os.name is windows.
+ + false seLinuxOptions object @@ -12849,12 +13421,25 @@ Note that this field cannot be set when spec.os.name is windows.
supplementalGroups []integer - A list of groups applied to the first process run in each container, in addition -to the container's primary GID, the fsGroup (if specified), and group memberships -defined in the container image for the uid of the container process. If unspecified, -no additional groups are added to any container. Note that group memberships -defined in the container image for the uid of the container process are still effective, -even if they are not included in this list. + A list of groups applied to the first process run in each container, in +addition to the container's primary GID and fsGroup (if specified). If +the SupplementalGroupsPolicy feature is enabled, the +supplementalGroupsPolicy field determines whether these are in addition +to or instead of any group memberships defined in the container image. +If unspecified, no additional groups are added, though group memberships +defined in the container image may still be used, depending on the +supplementalGroupsPolicy field. +Note that this field cannot be set when spec.os.name is windows.
+ + false + + supplementalGroupsPolicy + string + + Defines how supplemental groups of the first container processes are calculated. +Valid values are "Merge" and "Strict". If not specified, "Merge" is used. +(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled +and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
false @@ -12881,6 +13466,48 @@ Note that this field cannot be set when spec.os.name is linux.
+### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.appArmorProfile +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seLinuxOptions [↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) @@ -12958,7 +13585,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -13241,7 +13867,6 @@ MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
false @@ -13260,7 +13885,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -13268,10 +13892,7 @@ labelSelector spread as 2/2/2: The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, -it will violate MaxSkew. - - -This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+it will violate MaxSkew.

Format: int32
@@ -13285,9 +13906,7 @@ when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - -If this value is nil, the behavior is equivalent to the Honor policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+If this value is nil, the behavior is equivalent to the Honor policy.
false @@ -13300,9 +13919,7 @@ pod topology spread skew. Options are: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - -If this value is nil, the behavior is equivalent to the Ignore policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+If this value is nil, the behavior is equivalent to the Ignore policy.
false @@ -13563,7 +14180,6 @@ MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
false @@ -13582,7 +14198,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -13590,10 +14205,7 @@ labelSelector spread as 2/2/2: The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, -it will violate MaxSkew. - - -This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+it will violate MaxSkew.

Format: int32
@@ -13607,9 +14219,7 @@ when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - -If this value is nil, the behavior is equivalent to the Honor policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+If this value is nil, the behavior is equivalent to the Honor policy.
false @@ -13622,9 +14232,7 @@ pod topology spread skew. Options are: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - -If this value is nil, the behavior is equivalent to the Ignore policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+If this value is nil, the behavior is equivalent to the Ignore policy.
false @@ -13737,11 +14345,7 @@ This is only applicable to Daemonset mode. rollingUpdate object - Rolling update config params. Present only if type = "RollingUpdate". ---- -TODO: Update this to follow our convention for oneOf, whatever we decide it -to be. Same as Deployment `strategy.rollingUpdate`. -See https://github.com/kubernetes/kubernetes/issues/35345
+ Rolling update config params. Present only if type = "RollingUpdate".
false @@ -13761,10 +14365,6 @@ See https://github.com/kubernetes/kubernetes/issues/35345
Rolling update config params. Present only if type = "RollingUpdate". ---- -TODO: Update this to follow our convention for oneOf, whatever we decide it -to be. Same as Deployment `strategy.rollingUpdate`. -See https://github.com/kubernetes/kubernetes/issues/35345 @@ -14053,8 +14653,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
@@ -14362,7 +14962,6 @@ Key names follow standard Kubernetes label syntax. Valid values are either: Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. - ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. @@ -14384,13 +14983,11 @@ For example: if expanding a PVC for more capacity - this field can be one of the - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. - A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
@@ -14406,7 +15003,6 @@ Key names follow standard Kubernetes label syntax. Valid values are either: Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. - Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. @@ -14415,13 +15011,11 @@ If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. - A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
@@ -14437,7 +15031,7 @@ This is an alpha field and requires enabling RecoverVolumeExpansionFailure featu @@ -14446,7 +15040,7 @@ resized then the Condition will be set to 'ResizeStarted'.
@@ -14455,7 +15049,7 @@ This is an alpha field and requires enabling VolumeAttributesClass feature.
@@ -14489,14 +15083,17 @@ PersistentVolumeClaimCondition contains details about state of pvc @@ -14529,7 +15126,7 @@ PersistentVolumeClaimCondition contains details about state of pvc @@ -14544,7 +15141,7 @@ persistent volume is being resized.
ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. -This is an alpha field and requires enabling VolumeAttributesClass feature. +This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
false
false false[]object conditions is the current Condition of persistent volume claim. If underlying persistent volume is being -resized then the Condition will be set to 'ResizeStarted'.
+resized then the Condition will be set to 'Resizing'.
false
currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim -This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
false
ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. -This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
false
status string -
+ Status is the status of the condition. +Can be True, False, Unknown. +More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required
true
type string - PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+ Type is the type of the condition. +More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about
true
string reason is a unique, this should be a short, machine understandable string that gives the reason -for condition's last transition. If it reports "ResizeStarted" that means the underlying +for condition's last transition. If it reports "Resizing" that means the underlying persistent volume is being resized.
false
@@ -14620,7 +15217,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
@@ -14631,6 +15230,28 @@ This field is beta in 1.10.
Defaults to false.
+ + + + + @@ -14684,6 +15305,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam @@ -14691,21 +15314,26 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst @@ -14713,6 +15341,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst @@ -14727,7 +15357,7 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
@@ -14753,7 +15383,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -14764,17 +15393,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
@@ -14791,14 +15417,16 @@ persistent volumes at the same time.
@@ -14807,6 +15435,8 @@ provisioned/attached using an exec based plugin.
@@ -14815,7 +15445,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -14825,6 +15455,7 @@ into the Pod's container.
@@ -14836,10 +15467,27 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ + + + + + @@ -14872,14 +15520,18 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -14893,7 +15545,8 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -14901,6 +15554,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -14908,7 +15562,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md
@@ -14923,14 +15578,17 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
@@ -14944,6 +15602,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree +awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false
false
recursiveReadOnlystring + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+
false
subPath string awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree +awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
falseazureDisk object - azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+ azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type +are redirected to the disk.csi.azure.com CSI driver.
false
azureFile object - azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+ azureFile represents an Azure File Service mount on the host and bind mount to the pod. +Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type +are redirected to the file.csi.azure.com CSI driver.
false
cephfs object - cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. +Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.
false
object cinder represents a cinder volume attached and mounted on kubelets host machine. +Deprecated: Cinder is deprecated. All operations for the in-tree cinder type +are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false csi object - csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+ csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
false
object flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin.
+provisioned/attached using an exec based plugin. +Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.
false
flocker object - flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+ flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. +Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.
false
gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree +gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
falseobject gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
object glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md
falsefalse
imageobject + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
false
photonPersistentDisk object - photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+ photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. +Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.
false
portworxVolume object - portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+ portworxVolume represents a portworx volume attached and mounted on kubelets host machine. +Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type +are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate +is on.
false
quobyte object - quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+ quobyte represents a Quobyte mount on the host that shares a pod's lifetime. +Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.
false
object rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md
false scaleIO object - scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.
false
storageos object - storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.
false
vsphereVolume object - vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+ vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. +Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type +are redirected to the csi.vsphere.vmware.com CSI driver.
false
@@ -14970,8 +15630,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
@@ -15004,6 +15663,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type +are redirected to the disk.csi.azure.com CSI driver.
false
@@ -15042,6 +15703,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+ Default: ext4
@@ -15057,6 +15720,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
@@ -15069,6 +15734,8 @@ the ReadOnly setting in VolumeMounts.
azureFile represents an Azure File Service mount on the host and bind mount to the pod. +Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type +are redirected to the file.csi.azure.com CSI driver.
false
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+ Default: false
false
@@ -15110,7 +15777,8 @@ the ReadOnly setting in VolumeMounts.
-cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. +Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.
@@ -15195,8 +15863,12 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -15209,6 +15881,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
cinder represents a cinder volume attached and mounted on kubelets host machine. +Deprecated: Cinder is deprecated. All operations for the in-tree cinder type +are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -15281,8 +15955,12 @@ to OpenStack. @@ -15338,8 +16016,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -15409,7 +16091,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -15493,8 +16175,12 @@ secret object contains more than one secret, all secret references are passed. @@ -15571,7 +16257,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -15605,7 +16291,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -15728,7 +16414,6 @@ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -15739,17 +16424,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. @@ -15774,7 +16456,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -15784,11 +16465,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
@@ -15809,7 +16488,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -15819,11 +16497,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
false
@@ -15968,8 +16644,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
@@ -16318,8 +16994,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -16365,6 +17040,7 @@ Either wwids or combination of targetWWNs and lun must be set, but not both simu flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.
false
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
@@ -16446,8 +17122,12 @@ scripts. @@ -16459,7 +17139,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. +Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -16496,6 +17177,8 @@ should be considered as deprecated
gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree +gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -16522,8 +17205,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -16558,7 +17240,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. @@ -16605,6 +17287,7 @@ the subdirectory with the given name.
glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md
false
@@ -16655,9 +17338,6 @@ machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
@@ -16690,6 +17370,62 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+### AmazonCloudWatchAgent.spec.volumes[index].image +[↩ Parent](#amazoncloudwatchagentspecvolumesindex) + + + +image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pullPolicystring + Policy for pulling OCI objects. Possible values are: +Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
false
referencestring + Required: Image or artifact reference to be used. +Behaves in the same way as pod.spec.containers[*].image. +Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
+ + ### AmazonCloudWatchAgent.spec.volumes[index].iscsi [↩ Parent](#amazoncloudwatchagentspecvolumesindex) @@ -16753,8 +17489,7 @@ is other than default (typically TCP ports 860 and 3260).
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
false @@ -16772,6 +17507,8 @@ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI inte iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+ Default: default
false @@ -16822,8 +17559,12 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -16919,7 +17660,8 @@ Default false.
-photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. +Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. @@ -16955,7 +17697,10 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-portworxVolume represents a portworx volume attached and mounted on kubelets host machine +portworxVolume represents a portworx volume attached and mounted on kubelets host machine. +Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type +are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate +is on.
@@ -17028,7 +17773,8 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -17040,7 +17786,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-Projection that may be projected along with other supported volume types +Projection that may be projected along with other supported volume types. +Exactly one of these fields must be set.
sources []object - sources is the list of volume projections
+ sources is the list of volume projections. Each entry in this list +handles one source.
false
@@ -17058,14 +17805,11 @@ Projection that may be projected along with other supported volume types ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -17113,14 +17857,11 @@ may change the order over time.
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -17304,8 +18045,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -17424,7 +18169,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -17458,7 +18203,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -17563,8 +18308,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -17686,7 +18435,8 @@ and must be at least 10 minutes.
-quobyte represents a Quobyte mount on the host that shares a pod's lifetime +quobyte represents a Quobyte mount on the host that shares a pod's lifetime. +Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -17755,6 +18505,7 @@ Defaults to serivceaccount user
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md
@@ -17789,8 +18540,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
@@ -17800,6 +18550,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +
+ Default: /etc/ceph/keyring
@@ -17809,6 +18561,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: rbd
@@ -17837,6 +18591,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: admin
@@ -17867,8 +18623,12 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -17881,6 +18641,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.
false
false
false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -17921,6 +18682,8 @@ sensitive information. If this is not provided, Login operation will fail.
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+ Default: xfs
@@ -17951,6 +18714,8 @@ the ReadOnly setting in VolumeMounts.
@@ -17994,8 +18759,12 @@ sensitive information. If this is not provided, Login operation will fail. @@ -18123,6 +18892,7 @@ mode, like fsGroup, and the result can be other mode bits set.
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.
false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+ Default: ThinProvisioned
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -18204,8 +18974,12 @@ credentials. If not specified, default values will be attempted. @@ -18217,7 +18991,9 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. +Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type +are redirected to the csi.vsphere.vmware.com CSI driver.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -18438,6 +19214,13 @@ DcgmExporterSpec defines the desired state of DcgmExporter. + + + + + - - - - - @@ -18505,7 +19281,6 @@ used to open additional ports that can't be inferred by the operator, like for c the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container.
@@ -19090,13 +19865,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
@@ -19105,13 +19879,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature @@ -19354,13 +20127,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
@@ -19369,13 +20141,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature @@ -19698,13 +20469,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
@@ -19713,13 +20483,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature @@ -19962,13 +20731,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
@@ -19977,13 +20745,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature @@ -20307,8 +21074,12 @@ Selects a key of a ConfigMap. @@ -20427,8 +21198,12 @@ Selects a key of a secret in the pod's namespace @@ -20476,17 +21251,14 @@ This is used as a hint for implementations to offer richer behavior for protocol This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
@@ -20570,11 +21342,9 @@ Resources to set on the DCGM Exporter pods. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
@@ -20625,6 +21395,15 @@ the Pod where this field is used. It makes that resource available inside a container.
+ + + + +
metricsConfigstring + MetricsConfig is the raw CSV to be used as metric configuration.
+
true
affinity object @@ -18466,13 +19249,6 @@ consumed in the config file for the Collector.
Image indicates the container image to use for the DCGM Exporter.
false
metricsConfigstring - MetricsConfig is the raw CSV to be used as metric configuration.
-
false
nodeSelector map[string]string MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
falsetrue
requeststring + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+
false
@@ -20638,7 +21417,6 @@ In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. @@ -20661,6 +21439,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -20688,7 +21475,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -20776,6 +21563,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### DcgmExporter.spec.securityContext.appArmorProfile +[↩ Parent](#dcgmexporterspecsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### DcgmExporter.spec.securityContext.capabilities [↩ Parent](#dcgmexporterspecsecuritycontext) @@ -20890,7 +21720,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -21074,7 +21903,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
false @@ -21085,6 +21916,28 @@ This field is beta in 1.10.
Defaults to false.
false + + recursiveReadOnly + string + + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+ + false subPath string @@ -21138,6 +21991,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree +awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false @@ -21145,21 +22000,26 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst azureDisk object - azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+ azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type +are redirected to the disk.csi.azure.com CSI driver.
false azureFile object - azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+ azureFile represents an Azure File Service mount on the host and bind mount to the pod. +Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type +are redirected to the file.csi.azure.com CSI driver.
false cephfs object - cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. +Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.
false @@ -21167,6 +22027,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst object cinder represents a cinder volume attached and mounted on kubelets host machine. +Deprecated: Cinder is deprecated. All operations for the in-tree cinder type +are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false @@ -21181,7 +22043,7 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
csi object - csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+ csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
false @@ -21207,7 +22069,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -21218,17 +22079,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
@@ -21245,14 +22103,16 @@ persistent volumes at the same time.
object flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin.
+provisioned/attached using an exec based plugin. +Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.
false flocker object - flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+ flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. +Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.
false @@ -21261,6 +22121,8 @@ provisioned/attached using an exec based plugin.
gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree +gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false @@ -21269,7 +22131,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk object gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
@@ -21279,6 +22141,7 @@ into the Pod's container.
object glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md
false @@ -21290,10 +22153,27 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ + false + + image + object + + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
false @@ -21326,14 +22206,18 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis photonPersistentDisk object - photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+ photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. +Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.
false portworxVolume object - portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+ portworxVolume represents a portworx volume attached and mounted on kubelets host machine. +Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type +are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate +is on.
false @@ -21347,7 +22231,8 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis quobyte object - quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+ quobyte represents a Quobyte mount on the host that shares a pod's lifetime. +Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.
false @@ -21355,6 +22240,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis object rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md
false @@ -21362,7 +22248,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md
scaleIO object - scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.
false @@ -21377,14 +22264,17 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
storageos object - storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.
false vsphereVolume object - vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+ vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. +Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type +are redirected to the csi.vsphere.vmware.com CSI driver.
false @@ -21398,6 +22288,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree +awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -21424,8 +22316,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
@@ -21458,6 +22349,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type +are redirected to the disk.csi.azure.com CSI driver.
false
@@ -21496,6 +22389,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+ Default: ext4
@@ -21511,6 +22406,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
@@ -21523,6 +22420,8 @@ the ReadOnly setting in VolumeMounts.
azureFile represents an Azure File Service mount on the host and bind mount to the pod. +Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type +are redirected to the file.csi.azure.com CSI driver.
false
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+ Default: false
false
@@ -21564,7 +22463,8 @@ the ReadOnly setting in VolumeMounts.
-cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. +Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.
@@ -21649,8 +22549,12 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -21663,6 +22567,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
cinder represents a cinder volume attached and mounted on kubelets host machine. +Deprecated: Cinder is deprecated. All operations for the in-tree cinder type +are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -21735,8 +22641,12 @@ to OpenStack. @@ -21792,8 +22702,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -21863,7 +22777,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -21947,8 +22861,12 @@ secret object contains more than one secret, all secret references are passed. @@ -22025,7 +22943,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -22059,7 +22977,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -22182,7 +23100,6 @@ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -22193,17 +23110,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. @@ -22228,7 +23142,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -22238,11 +23151,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
@@ -22263,7 +23174,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -22273,11 +23183,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
false
@@ -22422,8 +23330,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
@@ -22772,8 +23680,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -22819,6 +23726,7 @@ Either wwids or combination of targetWWNs and lun must be set, but not both simu flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.
false
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
@@ -22900,8 +23808,12 @@ scripts. @@ -22913,7 +23825,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. +Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -22950,6 +23863,8 @@ should be considered as deprecated
gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree +gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -22976,8 +23891,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -23012,7 +23926,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. @@ -23059,6 +23973,7 @@ the subdirectory with the given name.
glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md
false
@@ -23109,9 +24024,6 @@ machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
@@ -23144,6 +24056,62 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+### DcgmExporter.spec.volumes[index].image +[↩ Parent](#dcgmexporterspecvolumesindex) + + + +image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pullPolicystring + Policy for pulling OCI objects. Possible values are: +Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
false
referencestring + Required: Image or artifact reference to be used. +Behaves in the same way as pod.spec.containers[*].image. +Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
+ + ### DcgmExporter.spec.volumes[index].iscsi [↩ Parent](#dcgmexporterspecvolumesindex) @@ -23207,8 +24175,7 @@ is other than default (typically TCP ports 860 and 3260).
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
false @@ -23226,6 +24193,8 @@ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI inte iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+ Default: default
false @@ -23276,8 +24245,12 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -23373,7 +24346,8 @@ Default false.
-photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. +Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. @@ -23409,7 +24383,10 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-portworxVolume represents a portworx volume attached and mounted on kubelets host machine +portworxVolume represents a portworx volume attached and mounted on kubelets host machine. +Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type +are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate +is on.
@@ -23482,7 +24459,8 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -23494,7 +24472,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-Projection that may be projected along with other supported volume types +Projection that may be projected along with other supported volume types. +Exactly one of these fields must be set.
sources []object - sources is the list of volume projections
+ sources is the list of volume projections. Each entry in this list +handles one source.
false
@@ -23512,14 +24491,11 @@ Projection that may be projected along with other supported volume types ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -23567,14 +24543,11 @@ may change the order over time.
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -23758,8 +24731,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -23878,7 +24855,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -23912,7 +24889,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -24017,8 +24994,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -24140,7 +25121,8 @@ and must be at least 10 minutes.
-quobyte represents a Quobyte mount on the host that shares a pod's lifetime +quobyte represents a Quobyte mount on the host that shares a pod's lifetime. +Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -24209,6 +25191,7 @@ Defaults to serivceaccount user
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md
@@ -24243,8 +25226,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
@@ -24254,6 +25236,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +
+ Default: /etc/ceph/keyring
@@ -24263,6 +25247,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: rbd
@@ -24291,6 +25277,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: admin
@@ -24321,8 +25309,12 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -24335,6 +25327,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.
false
false
false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -24375,6 +25368,8 @@ sensitive information. If this is not provided, Login operation will fail.
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+ Default: xfs
@@ -24405,6 +25400,8 @@ the ReadOnly setting in VolumeMounts.
@@ -24448,8 +25445,12 @@ sensitive information. If this is not provided, Login operation will fail. @@ -24577,6 +25578,7 @@ mode, like fsGroup, and the result can be other mode bits set.
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.
false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+ Default: ThinProvisioned
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -24658,8 +25660,12 @@ credentials. If not specified, default values will be attempted. @@ -24671,7 +25677,9 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. +Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type +are redirected to the csi.vsphere.vmware.com CSI driver.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -25188,8 +26196,12 @@ Selects a key of a ConfigMap. @@ -25308,8 +26320,12 @@ Selects a key of a secret in the pod's namespace @@ -25450,8 +26466,12 @@ Selects a key of a ConfigMap. @@ -25570,8 +26590,12 @@ Selects a key of a secret in the pod's namespace @@ -25608,11 +26632,9 @@ Resources describes the compute resource requirements. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
@@ -25663,6 +26685,15 @@ the Pod where this field is used. It makes that resource available inside a container.
+ + + + +
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
falsetrue
requeststring + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+
false
@@ -25845,8 +26876,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -25965,8 +27000,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -26003,11 +27042,9 @@ Resources describes the compute resource requirements. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -26058,6 +27095,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -26189,8 +27235,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -26309,8 +27359,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -26532,8 +27586,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -26652,8 +27710,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -26690,11 +27752,9 @@ Resources describes the compute resource requirements. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -26745,6 +27805,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -26927,8 +27996,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -27047,8 +28120,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -27085,11 +28162,9 @@ Resources describes the compute resource requirements. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -27140,6 +28215,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -27339,8 +28423,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -27459,8 +28547,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -27601,8 +28693,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -27721,8 +28817,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -27759,11 +28859,9 @@ Resources describes the compute resource requirements. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -27814,6 +28912,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -27996,8 +29103,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -28116,8 +29227,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -28154,11 +29269,9 @@ Resources describes the compute resource requirements. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -28209,6 +29322,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -28391,8 +29513,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -28511,8 +29637,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -28549,11 +29679,9 @@ Resources describes the compute resource requirements. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -28604,6 +29732,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -28754,6 +29891,13 @@ NeuronMonitorSpec defines the desired state of NeuronMonitor. + monitorConfig + string + + MonitorConfig is the raw Json to be used as monitor configuration.
+ + true + affinity object @@ -28796,13 +29940,6 @@ consumed in the config file for the Collector.
Image indicates the container image to use for the Neuron Monitor Exporter.
false - - monitorConfig - string - - MonitorConfig is the raw Json to be used as monitor configuration.
- - false nodeSelector map[string]string @@ -28834,12 +29971,10 @@ used to open additional ports that can't be inferred by the operator, like for c SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container.
@@ -29417,13 +30552,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false @@ -29432,13 +30566,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false @@ -29681,13 +30814,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false @@ -29696,13 +30828,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false @@ -30025,13 +31156,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false @@ -30040,13 +31170,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false @@ -30289,13 +31418,12 @@ If it's null, this PodAffinityTerm matches with no Pods.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set.
false @@ -30304,13 +31432,12 @@ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
false @@ -30634,8 +31761,12 @@ Selects a key of a ConfigMap. string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -30754,8 +31885,12 @@ Selects a key of a secret in the pod's namespace string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -30803,17 +31938,14 @@ This is used as a hint for implementations to offer richer behavior for protocol This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
@@ -30897,11 +32029,9 @@ Resources to set on the Neuron Monitor Exporter pods. Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
false @@ -30952,6 +32082,15 @@ the Pod where this field is used. It makes that resource available inside a container.
true + + request + string + + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+ + false @@ -30964,12 +32103,10 @@ inside a container.
SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. @@ -30992,6 +32129,15 @@ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+ + false + + appArmorProfile + object + + appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
false @@ -31019,7 +32165,7 @@ Note that this field cannot be set when spec.os.name is windows.
string procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for +The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
@@ -31107,6 +32253,49 @@ Note that this field cannot be set when spec.os.name is linux.
+### NeuronMonitor.spec.securityContext.appArmorProfile +[↩ Parent](#neuronmonitorspecsecuritycontext) + + + +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement.
+
true
localhostProfilestring + localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost".
+
false
+ + ### NeuronMonitor.spec.securityContext.capabilities [↩ Parent](#neuronmonitorspecsecuritycontext) @@ -31221,7 +32410,6 @@ Note that this field cannot be set when spec.os.name is windows. type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
@@ -31405,7 +32593,9 @@ not contain ':'.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. -This field is beta in 1.10.
+This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None).
false @@ -31416,6 +32606,28 @@ This field is beta in 1.10.
Defaults to false.
false + + recursiveReadOnly + string + + RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + +If ReadOnly is false, this field has no meaning and must be unspecified. + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + +If this field is not specified, it is treated as an equivalent of Disabled.
+ + false subPath string @@ -31469,6 +32681,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree +awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false @@ -31476,21 +32690,26 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst azureDisk object - azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+ azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type +are redirected to the disk.csi.azure.com CSI driver.
false azureFile object - azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+ azureFile represents an Azure File Service mount on the host and bind mount to the pod. +Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type +are redirected to the file.csi.azure.com CSI driver.
false cephfs object - cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. +Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.
false @@ -31498,6 +32717,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst object cinder represents a cinder volume attached and mounted on kubelets host machine. +Deprecated: Cinder is deprecated. All operations for the in-tree cinder type +are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false @@ -31512,7 +32733,7 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
csi object - csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+ csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
false @@ -31538,7 +32759,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -31549,17 +32769,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
@@ -31576,14 +32793,16 @@ persistent volumes at the same time.
object flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin.
+provisioned/attached using an exec based plugin. +Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.
false flocker object - flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+ flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. +Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.
false @@ -31592,6 +32811,8 @@ provisioned/attached using an exec based plugin.
gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree +gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false @@ -31600,7 +32821,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk object gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
@@ -31610,6 +32831,7 @@ into the Pod's container.
object glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md
false @@ -31621,10 +32843,27 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ + false + + image + object + + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
false @@ -31657,14 +32896,18 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis photonPersistentDisk object - photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+ photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. +Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.
false portworxVolume object - portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+ portworxVolume represents a portworx volume attached and mounted on kubelets host machine. +Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type +are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate +is on.
false @@ -31678,7 +32921,8 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis quobyte object - quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+ quobyte represents a Quobyte mount on the host that shares a pod's lifetime. +Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.
false @@ -31686,6 +32930,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis object rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md
false @@ -31693,7 +32938,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md
scaleIO object - scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.
false @@ -31708,14 +32954,17 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
storageos object - storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.
false vsphereVolume object - vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+ vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. +Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type +are redirected to the csi.vsphere.vmware.com CSI driver.
false @@ -31729,6 +32978,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree +awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -31755,8 +33006,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
@@ -31789,6 +33039,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type +are redirected to the disk.csi.azure.com CSI driver.
false
@@ -31827,6 +33079,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+ Default: ext4
@@ -31842,6 +33096,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
@@ -31854,6 +33110,8 @@ the ReadOnly setting in VolumeMounts.
azureFile represents an Azure File Service mount on the host and bind mount to the pod. +Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type +are redirected to the file.csi.azure.com CSI driver.
false
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+ Default: false
false
@@ -31895,7 +33153,8 @@ the ReadOnly setting in VolumeMounts.
-cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. +Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.
@@ -31980,8 +33239,12 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -31994,6 +33257,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
cinder represents a cinder volume attached and mounted on kubelets host machine. +Deprecated: Cinder is deprecated. All operations for the in-tree cinder type +are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -32066,8 +33331,12 @@ to OpenStack. @@ -32123,8 +33392,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -32194,7 +33467,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -32278,8 +33551,12 @@ secret object contains more than one secret, all secret references are passed. @@ -32356,7 +33633,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -32390,7 +33667,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -32513,7 +33790,6 @@ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -32524,17 +33800,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. @@ -32559,7 +33832,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -32569,11 +33841,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
@@ -32594,7 +33864,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -32604,11 +33873,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
false
@@ -32753,8 +34020,8 @@ will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
@@ -33103,8 +34370,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -33150,6 +34416,7 @@ Either wwids or combination of targetWWNs and lun must be set, but not both simu flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.
false
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
@@ -33231,8 +34498,12 @@ scripts. @@ -33244,7 +34515,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. +Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -33281,6 +34553,8 @@ should be considered as deprecated
gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. +Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree +gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -33307,8 +34581,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -33343,7 +34616,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. @@ -33390,6 +34663,7 @@ the subdirectory with the given name.
glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md
false
@@ -33440,9 +34714,6 @@ machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
@@ -33475,6 +34746,62 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+### NeuronMonitor.spec.volumes[index].image +[↩ Parent](#neuronmonitorspecvolumesindex) + + + +image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pullPolicystring + Policy for pulling OCI objects. Possible values are: +Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
false
referencestring + Required: Image or artifact reference to be used. +Behaves in the same way as pod.spec.containers[*].image. +Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
+ + ### NeuronMonitor.spec.volumes[index].iscsi [↩ Parent](#neuronmonitorspecvolumesindex) @@ -33538,8 +34865,7 @@ is other than default (typically TCP ports 860 and 3260).
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
false @@ -33557,6 +34883,8 @@ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI inte iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+ Default: default
false @@ -33607,8 +34935,12 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false @@ -33704,7 +35036,8 @@ Default false.
-photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. +Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. @@ -33740,7 +35073,10 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-portworxVolume represents a portworx volume attached and mounted on kubelets host machine +portworxVolume represents a portworx volume attached and mounted on kubelets host machine. +Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type +are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate +is on.
@@ -33813,7 +35149,8 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -33825,7 +35162,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-Projection that may be projected along with other supported volume types +Projection that may be projected along with other supported volume types. +Exactly one of these fields must be set.
sources []object - sources is the list of volume projections
+ sources is the list of volume projections. Each entry in this list +handles one source.
false
@@ -33843,14 +35181,11 @@ Projection that may be projected along with other supported volume types ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -33898,14 +35233,11 @@ may change the order over time.
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -34089,8 +35421,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -34209,7 +35545,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -34243,7 +35579,7 @@ mode, like fsGroup, and the result can be other mode bits set.
-Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
fieldRef object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
false
@@ -34348,8 +35684,12 @@ relative and may not contain the '..' path or start with '..'.
@@ -34471,7 +35811,8 @@ and must be at least 10 minutes.
-quobyte represents a Quobyte mount on the host that shares a pod's lifetime +quobyte represents a Quobyte mount on the host that shares a pod's lifetime. +Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -34540,6 +35881,7 @@ Defaults to serivceaccount user
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md
@@ -34574,8 +35916,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
@@ -34585,6 +35926,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +
+ Default: /etc/ceph/keyring
@@ -34594,6 +35937,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: rbd
@@ -34622,6 +35967,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: admin
@@ -34652,8 +35999,12 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -34666,6 +36017,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.
false
false
false
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -34706,6 +36058,8 @@ sensitive information. If this is not provided, Login operation will fail.
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+ Default: xfs
@@ -34736,6 +36090,8 @@ the ReadOnly setting in VolumeMounts.
@@ -34779,8 +36135,12 @@ sensitive information. If this is not provided, Login operation will fail. @@ -34908,6 +36268,7 @@ mode, like fsGroup, and the result can be other mode bits set.
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.
false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+ Default: ThinProvisioned
false
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
@@ -34989,8 +36350,12 @@ credentials. If not specified, default values will be attempted. @@ -35002,7 +36367,9 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. +Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type +are redirected to the csi.vsphere.vmware.com CSI driver.
string Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
false
diff --git a/internal/manifests/collector/collector.go b/internal/manifests/collector/collector.go
index 4e6a9f334..6f3f6428a 100644
--- a/internal/manifests/collector/collector.go
+++ b/internal/manifests/collector/collector.go
@@ -34,15 +34,24 @@ func Build(params manifests.Params) ([]client.Object, error) {
 manifestFactories = append(manifestFactories, []manifests.K8sManifestFactory{
 manifests.FactoryWithoutError(HorizontalPodAutoscaler),
 manifests.FactoryWithoutError(ServiceAccount),
- manifests.Factory(Service),
- manifests.Factory(HeadlessService),
- manifests.Factory(MonitoringService),
 manifests.Factory(Ingress),
 }...)
+ if params.OtelCol.Spec.Service.IsEnabled() {
+ manifestFactories = append(manifestFactories, manifests.Factory(Service))
+ }
+ if params.OtelCol.Spec.HeadlessService.IsEnabled() {
+ manifestFactories = append(manifestFactories, manifests.Factory(HeadlessService))
+ }
+ if params.OtelCol.Spec.MonitoringService.IsEnabled() {
+ manifestFactories = append(manifestFactories, manifests.Factory(MonitoringService))
+ }
 if params.OtelCol.Spec.Observability.Metrics.EnableMetrics && featuregate.PrometheusOperatorIsAvailable.IsEnabled() {
 if params.OtelCol.Spec.Mode == v1alpha1.ModeSidecar {
 manifestFactories = append(manifestFactories, manifests.Factory(PodMonitor))
 } else {
+ if params.OtelCol.Spec.Service.IsEnabled() {
+ manifestFactories = append(manifestFactories, manifests.Factory(ServiceMonitor))
+ }
 manifestFactories = append(manifestFactories, manifests.Factory(ServiceMonitor))
 }
 }
diff --git a/internal/manifests/collector/collector_test.go b/internal/manifests/collector/collector_test.go
new file mode 100644
index 000000000..3b89ca425
--- /dev/null
+++ b/internal/manifests/collector/collector_test.go
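Review bot: The new `else` branch gates `ServiceMonitor` on `Spec.Service.IsEnabled()` only, while `MonitoringService` can now be switched off independently a few lines above and `manifests.Factory(Ingress)` stays unconditional. Which Service the ServiceMonitor and the Ingress refer to is not visible in this hunk, so this is a question rather than a finding: if either one points at a Service the user has disabled, the operator would create an object with no backend and metrics collection or ingress traffic would stop without any error. I would state the intended dependency next to the check, e.g. `// ServiceMonitor selects the collector Service; skip it when that Service is not created`, and apply the same condition to any other factory that depends on a Service that can now be absent. `Build` continues past the end of the hunk.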
@@ -0,0 +1,103 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package collector + +import ( + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "testing" + + "github.com/go-logr/logr" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "k8s.io/utils/ptr" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" +) + +func TestBuild(t *testing.T) { + logger := logr.Discard() + tests := []struct { + name string + params manifests.Params + expectedObjects int + wantErr bool + }{ + { + name: "deployment mode builds expected manifests", + params: manifests.Params{ + Log: logger, + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Mode: v1alpha1.ModeDeployment, + Config: "{\"agent\":\"\"}", + }, + }, + Config: config.New(), + }, + expectedObjects: 4, // ConfigMap, ServiceAccount, Deployment, MonitoringService + wantErr: false, + }, + { + name: "statefulset mode builds expected manifests", + params: manifests.Params{ + Log: logger, + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Mode: v1alpha1.ModeStatefulSet, + Config: "{\"agent\":\"\"}", + }, + }, + Config: config.New(), + }, + expectedObjects: 4, // ConfigMap, ServiceAccount, StatefulSet, MonitoringService + wantErr: false, + }, + { + name: "sidecar mode skips deployment manifests", + params: manifests.Params{ + Log: logger, + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Mode: v1alpha1.ModeSidecar, + Config: "{\"agent\":\"\"}", + }, + }, + Config: config.New(), + }, + expectedObjects: 3, // ConfigMap, ServiceAccount, MonitoringService + wantErr: false, + }, + { + name: "disabled services are not created", + params: manifests.Params{ + Log: logger, + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + 
Mode: v1alpha1.ModeDeployment, + MonitoringService: v1alpha1.ServiceSpec{Enabled: ptr.To(false)}, + Config: "{\"agent\":\"\"}", + }, + }, + Config: config.New(), + }, + expectedObjects: 3, // ConfigMap, ServiceAccount, Deployment + wantErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + + objects, err := Build(tt.params) + if tt.wantErr { + require.Error(t, err) + return + } + + require.NoError(t, err) + assert.Len(t, objects, tt.expectedObjects) + }) + } +} diff --git a/internal/manifests/collector/service.go b/internal/manifests/collector/service.go index d468027bb..59434a9ef 100644 --- a/internal/manifests/collector/service.go +++ b/internal/manifests/collector/service.go @@ -29,7 +29,10 @@ func HeadlessService(params manifests.Params) (*corev1.Service, error) { return h, err } - h.Name = naming.HeadlessService(params.OtelCol.Name) + h.Name = params.OtelCol.Spec.HeadlessService.Name + if h.Name == "" { + h.Name = naming.HeadlessService(params.OtelCol.Name) + } h.Labels[headlessLabel] = headlessExists // copy to avoid modifying params.OtelCol.Annotations @@ -46,7 +49,10 @@ func HeadlessService(params manifests.Params) (*corev1.Service, error) { } func MonitoringService(params manifests.Params) (*corev1.Service, error) { - name := naming.MonitoringService(params.OtelCol.Name) + name := params.OtelCol.Spec.MonitoringService.Name + if name == "" { + name = naming.MonitoringService(params.OtelCol.Name) + } labels := manifestutils.Labels(params.OtelCol.ObjectMeta, name, params.OtelCol.Spec.Image, ComponentAmazonCloudWatchAgent, []string{}) c, err := adapters.ConfigFromString(params.OtelCol.Spec.Config) 
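Review bot: The "disabled services are not created" case only turns off `MonitoringService`, and the comments on `expectedObjects` indicate that `Service` and `HeadlessService` are not produced by any of these fixtures, so the new `Spec.Service.IsEnabled()` and `Spec.HeadlessService.IsEnabled()` branches in `Build` are not exercised. A fixture whose config yields ports, run once with defaults and once with `Service: v1alpha1.ServiceSpec{Enabled: ptr.To(false)}`, would pin both branches; asserting on the kinds and names of the returned objects rather than `assert.Len` alone would also keep the test from passing when one object is swapped for another. Separately, `"testing"` sits after the two project imports in the first import group; goimports ordering puts the standard-library group first.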
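Review bot: `h.Name = params.OtelCol.Spec.HeadlessService.Name` takes the Service name straight from the custom resource, and the same pattern is repeated in `MonitoringService` (`@@ -46`) and `Service` (`@@ -79`); nothing visible here checks that the value is a valid Service name or that the three names differ from each other. Two overrides with the same value, or an override equal to another Service's default name, would make the builders emit objects with the same name and namespace, and what happens when an override matches a Service the operator does not own depends on how the reconciler treats existing objects, which is outside this diff. I would constrain the field at admission, for example `// +kubebuilder:validation:MaxLength=63` plus a DNS-label `Pattern` on `ServiceSpec.Name`, and reject duplicate names in the validating webhook. `HeadlessService` starts and ends outside the hunk.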
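Review bot: In `MonitoringService` the overridden `name` is also passed to `manifestutils.Labels(...)` on the following context line, and `Service` does the same in `@@ -79`, so setting `Spec.MonitoringService.Name` changes the Service's labels as well as its object name. What `Labels` does with that argument is not shown here; if it ends up in a label that a ServiceMonitor or another selector matches on, a rename would detach the Service from it without any error. If that is not intended, keep the labels on the default name with `labels := manifestutils.Labels(params.OtelCol.ObjectMeta, naming.MonitoringService(params.OtelCol.Name), params.OtelCol.Spec.Image, ComponentAmazonCloudWatchAgent, []string{})` and use the override only for the object name; either way a comment stating the choice would help. The function body continues outside the hunk.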
@@ -79,7 +85,10 @@ func MonitoringService(params manifests.Params) (*corev1.Service, error) { } func Service(params manifests.Params) (*corev1.Service, error) { - name := naming.Service(params.OtelCol.Name) + name := params.OtelCol.Spec.Service.Name + if name == "" { + name = naming.Service(params.OtelCol.Name) + } labels := manifestutils.Labels(params.OtelCol.ObjectMeta, name, params.OtelCol.Spec.Image, ComponentAmazonCloudWatchAgent, []string{}) ports := getContainerPorts(params.Log, params.OtelCol.Spec.Config, params.OtelCol.Spec.OtelConfig, params.OtelCol.Spec.Ports) @@ -98,7 +107,7 @@ func Service(params manifests.Params) (*corev1.Service, error) { return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: naming.Service(params.OtelCol.Name), + Name: name, Namespace: params.OtelCol.Namespace, Labels: labels, Annotations: params.OtelCol.Annotations, diff --git a/internal/manifests/collector/service_test.go b/internal/manifests/collector/service_test.go index 153c5ebdc..070991f6a 100644 --- a/internal/manifests/collector/service_test.go +++ b/internal/manifests/collector/service_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" @@ -175,6 +176,15 @@ func TestDesiredService(t *testing.T) { assert.Nil(t, actual) }) + + t.Run("should use custom service name when specified", func(t *testing.T) { + params := deploymentParams() + params.OtelCol.Spec.Service = v1alpha1.ServiceSpec{Enabled: ptr.To(true), Name: "custom-service"} + actual, err := Service(params) + assert.NoError(t, err) + assert.NotNil(t, actual) + assert.Equal(t, "custom-service", actual.Name) + }) } func TestHeadlessService(t *testing.T) { 
@@ -185,6 +195,14 @@ func TestHeadlessService(t *testing.T) { assert.Equal(t, actual.GetAnnotations()["service.beta.openshift.io/serving-cert-secret-name"], "test-headless-tls") assert.Equal(t, actual.Spec.ClusterIP, "None") }) + + t.Run("should use custom headless service name when specified", func(t *testing.T) { + params := deploymentParams() + params.OtelCol.Spec.HeadlessService = v1alpha1.ServiceSpec{Enabled: ptr.To(true), Name: "custom-headless-service"} + actual, err := HeadlessService(params) + assert.NoError(t, err) + assert.Equal(t, "custom-headless-service", actual.Name) + }) } func TestMonitoringService(t *testing.T) { @@ -219,6 +237,14 @@ func TestMonitoringService(t *testing.T) { assert.NotNil(t, actual) assert.Equal(t, expected, actual.Spec.Ports) }) + + t.Run("should use custom monitoring service name when specified", func(t *testing.T) { + params := deploymentParams() + params.OtelCol.Spec.MonitoringService = v1alpha1.ServiceSpec{Enabled: ptr.To(true), Name: "custom-monitoring-service"} + actual, err := MonitoringService(params) + assert.NoError(t, err) + assert.Equal(t, "custom-monitoring-service", actual.Name) + }) } func service(name string, ports []v1.ServicePort) v1.Service { From e0e4fd13a9a6d55b22dcb75fcb5660001dd2dcb4 Mon Sep 17 00:00:00 2001 From: Kaushik Surya Date: Mon, 11 Aug 2025 14:26:44 -0400 Subject: [PATCH 2/2] Remove redundant line --- internal/manifests/collector/collector.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/manifests/collector/collector.go b/internal/manifests/collector/collector.go index 6f3f6428a..26f51c61a 100644 --- a/internal/manifests/collector/collector.go +++ b/internal/manifests/collector/collector.go 
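Review bot: The subtests added to `TestHeadlessService` and `TestMonitoringService` (`@@ -219`) call `assert.NoError(t, err)` and then read `actual.Name`; `assert` does not stop the test, so if the builder returns an error together with a nil Service the subtest panics on the dereference instead of reporting the error. `require.NoError(t, err)` would stop at the real failure; the `require` import is not visible in this file's import hunk, so it may need adding. All three new subtests, including the one in `TestDesiredService`, also cover only a non-empty `Name`; a case with `Enabled: ptr.To(true)` and no `Name` would pin the fallback to the `naming.*` default.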
@@ -52,7 +52,6 @@ func Build(params manifests.Params) ([]client.Object, error) {
 if params.OtelCol.Spec.Service.IsEnabled() {
 manifestFactories = append(manifestFactories, manifests.Factory(ServiceMonitor))
 }
- manifestFactories = append(manifestFactories, manifests.Factory(ServiceMonitor))
 }
 }
 for _, factory := range manifestFactories {