From d20938743f0ce73595ae7349b143c3f893568dc0 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Wed, 10 Jan 2024 17:37:16 -0800 Subject: [PATCH] Update kubestash crds Signed-off-by: Tamal Saha --- go.mod | 2 +- go.sum | 4 +- .../addons.kubestash.com/v1alpha1/addons.yaml | 614 ++- .../v1alpha1/functions.yaml | 83 +- .../v1alpha1/backupbatches.yaml | 4050 +++++++++++++--- .../v1alpha1/backupblueprints.yaml | 4175 ++++++++++++++--- .../v1alpha1/backupconfigurations.yaml | 3816 +++++++++++++-- .../v1alpha1/hooktemplates.yaml | 207 +- .../v1alpha1/restoresessions.yaml | 3087 ++++++++++-- .../v1alpha1/backupstorages.yaml | 583 ++- .../client-go/apiextensions/controller.go | 87 + .../client-go/apiextensions/kubernetes.go | 20 + .../client-go/meta/preconditions.go | 6 +- vendor/modules.txt | 2 +- 14 files changed, 14420 insertions(+), 2316 deletions(-) create mode 100644 vendor/kmodules.xyz/client-go/apiextensions/controller.go diff --git a/go.mod b/go.mod index 47374532f..9b26491ad 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( k8s.io/klog/v2 v2.110.1 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 kmodules.xyz/apiversion v0.2.0 - kmodules.xyz/client-go v0.29.4 + kmodules.xyz/client-go v0.29.6 kmodules.xyz/crd-schema-fuzz v0.29.1 kmodules.xyz/go-containerregistry v0.0.12 kmodules.xyz/resource-metrics v0.29.0 diff --git a/go.sum b/go.sum index 15c18ee46..4d7bf96d1 100644 --- a/go.sum +++ b/go.sum @@ -311,8 +311,8 @@ k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSn k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= kmodules.xyz/apiversion v0.2.0 h1:vAQYqZFm4xu4pbB1cAdHbFEPES6EQkcR4wc06xdTOWk= kmodules.xyz/apiversion v0.2.0/go.mod h1:oPX8g8LvlPdPX3Yc5YvCzJHQnw3YF/X4/jdW0b1am80= -kmodules.xyz/client-go v0.29.4 h1:WW4vlYtzLc9JXrJjcFuJO4DX/kIZ5ia7QtDyhNDUwfI= -kmodules.xyz/client-go v0.29.4/go.mod h1:xWlS/1zWkx1sIKCAkzULy9570mHZYi2exDECEoP1ek4= +kmodules.xyz/client-go v0.29.6 h1:xTVq5LZvsPBUTLY7PORq7zveLOj/vpuTDvkpHWOk3RM= +kmodules.xyz/client-go v0.29.6/go.mod h1:pHuzpwzEcDUIGjVVvwz9N8lY+6A7HXwvs2d7NtK7Hho= kmodules.xyz/crd-schema-fuzz v0.29.1 h1:zJTlWYOrT5dsVVHW8HGcnR/vaWfxQfNh11QwTtkYpcs= kmodules.xyz/crd-schema-fuzz v0.29.1/go.mod h1:n708z9YQqLMP2KNLQVgBcRJw1QpSWLvpNCEi+KJDOYE= kmodules.xyz/go-containerregistry v0.0.12 h1:Tl32QGmSqRVm9PUEb/f3dgDeu9zW5fVzt3qmAFIE37I= diff --git a/hub/resourcedescriptors/addons.kubestash.com/v1alpha1/addons.yaml b/hub/resourcedescriptors/addons.kubestash.com/v1alpha1/addons.yaml index 384b629fd..92dbd0820 100644 --- a/hub/resourcedescriptors/addons.kubestash.com/v1alpha1/addons.yaml +++ b/hub/resourcedescriptors/addons.kubestash.com/v1alpha1/addons.yaml @@ -658,7 +658,7 @@ spec: be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -821,11 +821,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -859,10 +859,13 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -889,31 +892,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the - functionality of the DataSource field + functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to the + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them - is empty and the other is non-empty. There - are two important differences between - DataSource and DataSourceRef: * While - DataSource only allows two specific types - of objects, DataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -931,11 +942,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -970,7 +993,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -1034,6 +1058,32 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can + be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to empty + string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will + be set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set + to a Pending state, as reflected by the + modifyVolumeStatus field, until such as + a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -1405,6 +1455,114 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a + pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating + file. \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle objects + can either be selected by name, or by the + combination of signer name and a label selector. + \n Kubelet performs aggressive normalization + of the PEM contents written into the pod + filesystem. Esoteric PEM features such + as inter-block comments and block headers + are stripped. Certificates are deduplicated. + The ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as + "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then + the named ClusterTrustBundle is allowed + not to exist. If using signerName, + then the combination of signerName and + labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -2058,11 +2216,11 @@ spec: type: string name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -2095,10 +2253,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always - have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the @@ -2124,29 +2285,37 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of the - specified object matches some installed volume - populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, + be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding + will only succeed if the type of the specified + object matches some installed volume populator + or dynamic provisioner. This field will replace + the functionality of the dataSource field + and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource and - DataSourceRef) will be set to the same value - automatically if one of them is empty and - the other is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed - value is specified. (Beta) Using this field - requires the AnyVolumeDataSource feature gate - to be enabled.' + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same + value automatically if one of them is empty + and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all + values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows + objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the @@ -2163,11 +2332,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -2200,7 +2379,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -2261,6 +2441,29 @@ spec: the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass used + by this claim. If specified, the CSI driver + will create or update the volume with the + attributes defined in the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, this + PersistentVolumeClaim will be set to a Pending + state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of @@ -2905,7 +3108,7 @@ spec: be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3068,11 +3271,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3106,10 +3309,13 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -3136,31 +3342,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the - functionality of the DataSource field + functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to the + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them - is empty and the other is non-empty. There - are two important differences between - DataSource and DataSourceRef: * While - DataSource only allows two specific types - of objects, DataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -3178,11 +3392,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -3217,7 +3443,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -3281,6 +3508,32 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can + be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to empty + string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will + be set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set + to a Pending state, as reflected by the + modifyVolumeStatus field, until such as + a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -3652,6 +3905,114 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a + pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating + file. \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle objects + can either be selected by name, or by the + combination of signer name and a label selector. + \n Kubelet performs aggressive normalization + of the PEM contents written into the pod + filesystem. Esoteric PEM features such + as inter-block comments and block headers + are stripped. Certificates are deduplicated. + The ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as + "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then + the named ClusterTrustBundle is allowed + not to exist. If using signerName, + then the combination of signerName and + labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -4305,11 +4666,11 @@ spec: type: string name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -4342,10 +4703,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always - have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the @@ -4371,29 +4735,37 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of the - specified object matches some installed volume - populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, + be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding + will only succeed if the type of the specified + object matches some installed volume populator + or dynamic provisioner. This field will replace + the functionality of the dataSource field + and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource and - DataSourceRef) will be set to the same value - automatically if one of them is empty and - the other is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed - value is specified. (Beta) Using this field - requires the AnyVolumeDataSource feature gate - to be enabled.' + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same + value automatically if one of them is empty + and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all + values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows + objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the @@ -4410,11 +4782,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -4447,7 +4829,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -4508,6 +4891,29 @@ spec: the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass used + by this claim. If specified, the CSI driver + will create or update the volume with the + attributes defined in the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, this + PersistentVolumeClaim will be set to a Pending + state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of diff --git a/hub/resourcedescriptors/addons.kubestash.com/v1alpha1/functions.yaml b/hub/resourcedescriptors/addons.kubestash.com/v1alpha1/functions.yaml index c5e9e5b8a..27744f292 100644 --- a/hub/resourcedescriptors/addons.kubestash.com/v1alpha1/functions.yaml +++ b/hub/resourcedescriptors/addons.kubestash.com/v1alpha1/functions.yaml @@ -337,7 +337,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -365,6 +367,17 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -432,7 +445,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -460,6 +475,17 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -511,8 +537,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number must @@ -543,7 +567,9 @@ spec: used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized + upon output, so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -665,8 +691,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number must @@ -697,7 +721,9 @@ spec: used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized + upon output, so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -786,6 +812,27 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -806,7 +853,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -922,7 +970,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT + be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -953,15 +1002,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this - field without the feature flag will result in errors when - validating the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then - HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers and + non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint diff --git a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupbatches.yaml b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupbatches.yaml index 703789e22..75fa1d133 100644 --- a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupbatches.yaml +++ b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupbatches.yaml @@ -459,7 +459,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -490,6 +493,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -577,7 +593,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -608,6 +627,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -669,9 +701,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -710,7 +740,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -854,9 +887,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -895,7 +926,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -999,6 +1033,32 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1022,7 +1082,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1165,8 +1226,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -1206,18 +1268,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -1563,7 +1621,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -1636,6 +1696,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -1795,7 +1916,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -1863,6 +1986,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -2013,7 +2191,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -2086,6 +2266,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -2245,7 +2486,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -2313,6 +2556,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -2660,8 +2958,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -2680,8 +2979,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -2736,18 +3042,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -2897,18 +3199,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -2989,8 +3298,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -3003,8 +3312,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -3699,7 +4008,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3884,11 +4193,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3923,11 +4232,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -3956,33 +4269,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -4002,11 +4325,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -4044,7 +4379,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -4114,6 +4450,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -4513,6 +4877,124 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into the + pod filesystem. Esoteric PEM features + such as inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering of + certificates within the file is arbitrary, + and Kubelet may change the order over + time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't available. If + using name, then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -5437,7 +5919,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -5468,6 +5953,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -5555,7 +6053,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -5586,6 +6087,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -5647,9 +6161,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -5688,7 +6200,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -5832,9 +6347,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -5873,7 +6386,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -5977,6 +6493,32 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6000,7 +6542,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -6143,8 +6686,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -6184,18 +6728,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -6541,7 +7081,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -6614,6 +7156,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -6773,7 +7376,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -6841,6 +7446,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -6991,7 +7651,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -7064,6 +7726,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -7223,7 +7946,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -7291,6 +8016,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -7638,8 +8418,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -7658,8 +8439,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -7714,18 +8502,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -7875,18 +8659,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -7967,8 +8758,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -7981,8 +8772,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -8677,7 +9468,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -8862,11 +9653,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8901,11 +9692,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -8934,33 +9729,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -8980,11 +9785,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -9022,7 +9839,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -9092,6 +9910,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -9491,6 +10337,124 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into the + pod filesystem. Esoteric PEM features + such as inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering of + certificates within the file is arbitrary, + and Kubelet may change the order over + time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't available. If + using name, then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -10579,7 +11543,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -10648,6 +11614,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -10801,7 +11827,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -10864,6 +11891,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -11004,7 +12083,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -11073,6 +12154,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -11226,7 +12367,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -11289,6 +12431,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -11545,8 +12739,8 @@ spec: preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind @@ -11586,18 +12780,13 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + Process' container. All of a Pod's containers + must have the same effective HostProcess + value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess + is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -12158,7 +13347,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -12191,6 +13384,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12282,7 +13488,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -12315,6 +13525,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12381,9 +13604,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -12423,7 +13644,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -12627,9 +13851,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -12669,7 +13891,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -12773,11 +13998,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize policy + applies. Supported values: cpu, + memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults to + NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -12802,9 +14078,37 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set for + init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, the + restart behavior is defined by the Pod''s + restart policy and the container type. + Setting the RestartPolicy as "Always" + for the init container will have the following + effect: this init container will be continually + restarted on exit until all regular containers + have terminated. Once all regular containers + have completed, all init containers with + restartPolicy "Always" will be shut down. + This lifecycle differs from normal init + containers and is often referred to as + a "sidecar" container. Although this init + container still starts in the init container + sequence, it does not wait for the container + to complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after any + startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -12957,7 +14261,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -12999,21 +14305,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -13073,9 +14373,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -13115,7 +14413,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -13411,7 +14712,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -13442,6 +14746,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13526,7 +14843,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -13557,6 +14877,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13621,8 +14954,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -13656,7 +14988,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -13822,8 +15158,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -13857,7 +15192,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -13960,6 +15299,31 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -13983,7 +15347,8 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -14111,8 +15476,8 @@ spec: preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind @@ -14130,10 +15495,17 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in - addition to the container's primary GID. If - unspecified, no groups will be added to - any container. Note that this field cannot - be set when spec.os.name is windows. + addition to the container's primary GID, + the fsGroup (if specified), and group memberships + defined in the container image for the uid + of the container process. If unspecified, + no additional groups are added to any container. + Note that group memberships defined in the + container image for the uid of the container + process are still effective, even if they + are not included in this list. Note that + this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -14185,18 +15557,13 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + Process' container. All of a Pod's containers + must have the same effective HostProcess + value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess + is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -14361,7 +15728,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the @@ -14369,9 +15736,16 @@ spec: are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against labelSelector. + pod. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector + isn't set. Keys that don't exist in the + incoming pod labels will be ignored. A + null or empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by + default)." items: type: string type: array @@ -14449,8 +15823,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the - Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -14463,7 +15837,7 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -15058,7 +16432,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -15271,12 +16645,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -15315,11 +16689,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -15352,9 +16730,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -15362,31 +16740,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -15408,11 +16798,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -15452,7 +16857,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -15533,6 +16940,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -15962,6 +17401,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -16952,7 +18529,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -16983,6 +18563,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -17065,7 +18658,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -17094,7 +18690,20 @@ spec: to the host. Defaults to HTTP. type: string required: - - port + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds type: object tcpSocket: description: Deprecated. TCPSocket is NOT @@ -17154,8 +18763,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -17189,7 +18797,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -17327,8 +18938,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -17362,7 +18972,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -17462,6 +19075,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -17483,8 +19121,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -17621,8 +19259,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -17659,18 +19298,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -18070,7 +19703,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -18143,6 +19778,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -18302,7 +19998,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -18370,6 +20068,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -18520,7 +20273,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -18593,6 +20348,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -18752,7 +20568,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -18820,6 +20638,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -19088,8 +20961,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -19129,18 +21003,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -19714,7 +21584,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -19747,6 +21621,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -19841,7 +21728,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -19874,6 +21765,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -19940,9 +21844,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -19983,7 +21885,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -20193,9 +22099,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -20236,7 +22140,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -20345,11 +22253,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -20374,9 +22333,38 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -20537,7 +22525,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -20581,20 +22571,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -20655,9 +22639,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -20698,7 +22680,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -21005,7 +22991,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -21036,6 +23025,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -21123,7 +23125,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -21154,6 +23159,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -21218,9 +23236,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -21259,7 +23275,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -21427,9 +23446,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -21468,7 +23485,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -21572,6 +23592,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -21595,7 +23641,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -21727,8 +23774,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -21747,8 +23795,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -21803,18 +23858,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -21983,18 +24034,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -22075,8 +24133,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -22089,8 +24147,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -22705,7 +24763,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -22930,12 +24988,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -22975,11 +25033,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -23012,9 +25076,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -23023,31 +25087,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -23070,11 +25147,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -23116,7 +25208,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -23201,6 +25295,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -23643,6 +25772,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -24907,7 +27183,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -25146,12 +27422,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -25192,11 +27468,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -25231,10 +27514,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -25243,35 +27526,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup @@ -25295,11 +27592,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -25345,8 +27659,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -25435,6 +27750,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume @@ -25884,6 +28238,164 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data @@ -26767,12 +29279,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -26811,11 +29323,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -26848,9 +29364,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -26858,31 +29374,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -26904,11 +29432,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -26948,7 +29491,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -27029,6 +29574,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -27253,11 +29830,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -27291,10 +29868,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -27323,35 +29904,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -27371,11 +29962,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -27414,7 +30019,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -27488,6 +30094,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -27515,6 +30150,75 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller + receives persistentvolume claim + update with ClaimResourceStatus + for a resource that it does + not recognizes, then it should + ignore that update and let other + controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being + resized for the given PVC. Key + names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + ClaimResourceStatus can be in + any of following states: - ControllerResizeInProgress: + State set when resize controller + starts resizing the volume in + control-plane. - ControllerResizeFailed: + State set when resize has failed + in resize controller with a terminal + error. - NodeResizePending: State + set when resize controller has + finished resizing the volume but + further resizing of volume is + needed on the node. - NodeResizeInProgress: + State set when kubelet starts + resizing the volume. - NodeResizeFailed: + State set when resizing has failed + in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. + For example: if expanding a PVC + for more capacity - this field + can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - + pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this + field is not set, it means that + no resize operation is in progress + for the given PVC. \n A controller + that receives PVC update with + previously unknown resourceName + or ClaimResourceStatus should + ignore the update for the purpose + it was designed. For example - + a controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -27522,14 +30226,25 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources - is the storage resource within - AllocatedResources tracks the - capacity allocated to a PVC. It - may be larger than the actual - capacity when a volume expansion - operation is requested. For storage - quota, the larger value from allocatedResources + description: "allocatedResources + tracks the resources allocated + to a PVC including its capacity. + Key names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + Capacity reported here may be + larger than the actual capacity + when a volume expansion operation + is requested. For storage quota, + the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used @@ -27540,9 +30255,18 @@ spec: operations in progress and if the actual volume capacity is equal or lower than the requested - capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + capacity. \n A controller that + receives PVC update with previously + unknown resourceName should ignore + the update for the purpose it + was designed. For example - a + controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -27563,7 +30287,7 @@ spec: Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state + contains details about state of pvc properties: lastProbeTime: @@ -27606,21 +30330,61 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, + there is no VolumeAttributeClass + applied to this PersistentVolumeClaim + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus + represents the status object of + ControllerModifyVolume operation. + When this is unset, there is no + ModifyVolume operation being attempted. + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the + status of the ControllerModifyVolume + operation. It can be in any + of following states: - Pending + Pending indicates that the + PersistentVolumeClaim cannot + be modified due to unmet requirements, + such as the specified VolumeAttributesClass + not existing. - InProgress + InProgress indicates that + the volume is being modified. + - Infeasible Infeasible indicates + that the request has been + rejected as invalid by the + CSI driver. To resolve the + error, a valid VolumeAttributesClass + needs to be specified. Note: + New statuses can be added + in the future. Consumers should + check for unknown statuses + and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores - status of resize operation. ResizeStatus - is not set by default but when - expansion is complete resizeStatus - is set to empty string by resize - controller or kubelet. This is - an alpha field and requires enabling - RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -28194,7 +30958,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -28433,12 +31197,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -28479,11 +31243,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -28518,10 +31289,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -28530,35 +31301,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup @@ -28582,11 +31367,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -28632,8 +31434,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -28722,6 +31525,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume @@ -29176,6 +32018,164 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data diff --git a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupblueprints.yaml b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupblueprints.yaml index 88655cf82..624d9322d 100644 --- a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupblueprints.yaml +++ b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupblueprints.yaml @@ -390,7 +390,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -420,6 +424,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -498,7 +515,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -528,6 +549,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -585,8 +619,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -620,7 +653,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -756,8 +792,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -791,7 +826,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -890,6 +928,30 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -911,8 +973,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1049,8 +1111,9 @@ spec: be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set - if type is "Localhost". + seccomp profile location. Must be set if + type is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind of @@ -1087,17 +1150,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only - be honored by components that enable the - WindowsHostProcessContainers feature flag. - Setting this field without the feature flag - will result in errors when validating the - Pod. All of a Pod's containers must have - the same effective HostProcess value (it - is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must have the + same effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run @@ -1478,7 +1536,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -1547,6 +1607,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -1700,7 +1820,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -1763,6 +1884,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -1903,7 +2076,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -1972,6 +2147,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -2125,7 +2360,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -2188,6 +2424,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -2444,8 +2732,8 @@ spec: preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind @@ -2485,18 +2773,13 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + Process' container. All of a Pod's containers + must have the same effective HostProcess + value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess + is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -3057,7 +3340,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3090,6 +3377,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3181,7 +3481,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3214,6 +3518,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3280,9 +3597,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -3322,7 +3637,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -3526,9 +3844,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -3568,7 +3884,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -3672,11 +3991,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize policy + applies. Supported values: cpu, + memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults to + NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3701,9 +4071,37 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set for + init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, the + restart behavior is defined by the Pod''s + restart policy and the container type. + Setting the RestartPolicy as "Always" + for the init container will have the following + effect: this init container will be continually + restarted on exit until all regular containers + have terminated. Once all regular containers + have completed, all init containers with + restartPolicy "Always" will be shut down. + This lifecycle differs from normal init + containers and is often referred to as + a "sidecar" container. Although this init + container still starts in the init container + sequence, it does not wait for the container + to complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after any + startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -3856,7 +4254,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -3898,21 +4298,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -3972,9 +4366,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -4014,7 +4406,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -4310,7 +4705,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4341,6 +4739,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -4425,7 +4836,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4456,6 +4870,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -4520,8 +4947,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -4555,7 +4981,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -4721,8 +5151,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -4756,7 +5185,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -4859,6 +5292,31 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4882,7 +5340,8 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -5010,8 +5469,8 @@ spec: preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind @@ -5029,10 +5488,17 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in - addition to the container's primary GID. If - unspecified, no groups will be added to - any container. Note that this field cannot - be set when spec.os.name is windows. + addition to the container's primary GID, + the fsGroup (if specified), and group memberships + defined in the container image for the uid + of the container process. If unspecified, + no additional groups are added to any container. + Note that group memberships defined in the + container image for the uid of the container + process are still effective, even if they + are not included in this list. Note that + this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -5084,18 +5550,13 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + Process' container. All of a Pod's containers + must have the same effective HostProcess + value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess + is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -5260,7 +5721,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the @@ -5268,9 +5729,16 @@ spec: are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against labelSelector. + pod. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector + isn't set. Keys that don't exist in the + incoming pod labels will be ignored. A + null or empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by + default)." items: type: string type: array @@ -5348,8 +5816,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the - Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -5362,7 +5830,7 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -5957,7 +6425,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -6170,12 +6638,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -6214,11 +6682,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -6251,9 +6723,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -6261,31 +6733,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -6307,11 +6791,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -6351,7 +6850,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -6432,6 +6933,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -6861,6 +7394,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -8076,7 +8747,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -8301,12 +8972,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8346,11 +9017,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -8383,9 +9060,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -8394,31 +9071,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -8441,11 +9131,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -8487,7 +9192,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -8572,6 +9279,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -9009,6 +9751,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -9839,11 +10728,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9882,10 +10771,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -9915,7 +10809,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, @@ -9925,28 +10819,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -9967,11 +10872,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -10010,7 +10929,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -10090,6 +11010,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -10305,11 +11257,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10341,11 +11293,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -10374,33 +11330,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -10420,11 +11386,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -10462,7 +11440,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -10532,6 +11511,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -10557,6 +11564,72 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update + with ClaimResourceStatus for a + resource that it does not recognizes, + then it should ignore that update + and let other controllers handle + it. + type: string + description: "allocatedResourceStatuses + stores status of resource being + resized for the given PVC. Key names + follow standard Kubernetes label + syntax. Valid values are either: + * Un-prefixed keys: - storage - + the capacity of the volume. * Custom + resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that + are unprefixed or have kubernetes.io + prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus + can be in any of following states: + - ControllerResizeInProgress: State + set when resize controller starts + resizing the volume in control-plane. + - ControllerResizeFailed: State + set when resize has failed in resize + controller with a terminal error. + - NodeResizePending: State set when + resize controller has finished resizing + the volume but further resizing + of volume is needed on the node. + - NodeResizeInProgress: State set + when kubelet starts resizing the + volume. - NodeResizeFailed: State + set when resizing has failed in + kubelet with a terminal error. Transient + errors don't set NodeResizeFailed. + For example: if expanding a PVC + for more capacity - this field can + be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this + field is not set, it means that + no resize operation is in progress + for the given PVC. \n A controller + that receives PVC update with previously + unknown resourceName or ClaimResourceStatus + should ignore the update for the + purpose it was designed. For example + - a controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that change + other valid resources associated + with PVC. \n This is an alpha field + and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -10564,25 +11637,44 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is - the storage resource within AllocatedResources - tracks the capacity allocated to - a PVC. It may be larger than the - actual capacity when a volume expansion - operation is requested. For storage - quota, the larger value from allocatedResources - and PVC.spec.resources is used. - If allocatedResources is not set, - PVC.spec.resources alone is used - for quota calculation. If a volume - expansion capacity request is lowered, - allocatedResources is only lowered - if there are no expansion operations - in progress and if the actual volume - capacity is equal or lower than - the requested capacity. This is - an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks + the resources allocated to a PVC + including its capacity. Key names + follow standard Kubernetes label + syntax. Valid values are either: + * Un-prefixed keys: - storage - + the capacity of the volume. * Custom + resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that + are unprefixed or have kubernetes.io + prefix are considered reserved and + hence may not be used. \n Capacity + reported here may be larger than + the actual capacity when a volume + expansion operation is requested. + For storage quota, the larger value + from allocatedResources and PVC.spec.resources + is used. If allocatedResources is + not set, PVC.spec.resources alone + is used for quota calculation. If + a volume expansion capacity request + is lowered, allocatedResources is + only lowered if there are no expansion + operations in progress and if the + actual volume capacity is equal + or lower than the requested capacity. + \n A controller that receives PVC + update with previously unknown resourceName + should ignore the update for the + purpose it was designed. For example + - a controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that change + other valid resources associated + with PVC. \n This is an alpha field + and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -10603,7 +11695,7 @@ spec: will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of + contains details about state of pvc properties: lastProbeTime: @@ -10644,20 +11736,57 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, there + is no VolumeAttributeClass applied + to this PersistentVolumeClaim This + is an alpha field and requires enabling + VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents + the status object of ControllerModifyVolume + operation. When this is unset, there + is no ModifyVolume operation being + attempted. This is an alpha field + and requires enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the status + of the ControllerModifyVolume + operation. It can be in any + of following states: - Pending + Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet + requirements, such as the specified + VolumeAttributesClass not existing. + - InProgress InProgress indicates + that the volume is being modified. + - Infeasible Infeasible indicates + that the request has been rejected + as invalid by the CSI driver. + To resolve the error, a valid + VolumeAttributesClass needs + to be specified. Note: New statuses + can be added in the future. + Consumers should check for unknown + statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status - of resize operation. ResizeStatus - is not set by default but when expansion - is complete resizeStatus is set - to empty string by resize controller - or kubelet. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -11218,7 +12347,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -11443,12 +12572,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -11488,11 +12617,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -11525,9 +12660,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -11536,31 +12671,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -11583,11 +12731,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -11629,7 +12792,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -11714,6 +12879,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -12156,6 +13356,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -13351,7 +14698,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13384,6 +14735,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13475,7 +14839,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13508,6 +14876,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13574,9 +14955,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -13616,7 +14995,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -13767,9 +15149,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -13809,7 +15189,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -13918,6 +15301,32 @@ spec: by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -13942,7 +15351,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -14095,7 +15505,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -14137,21 +15549,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -14533,7 +15939,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -14617,6 +16025,76 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -14798,7 +16276,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -14871,6 +16351,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -15031,7 +16572,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -15115,6 +16658,76 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -15296,7 +16909,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -15369,6 +16984,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -15734,7 +17410,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -15754,10 +17432,18 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that - this field cannot be set when spec.os.name - is windows. + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container + process. If unspecified, no additional + groups are added to any container. + Note that group memberships defined + in the container image for the uid + of the container process are still + effective, even if they are not included + in this list. Note that this field + cannot be set when spec.os.name is + windows. items: format: int64 type: integer @@ -15812,21 +17498,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -15985,20 +17665,27 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select the - pods over which spreading will be - calculated. The keys are used to - lookup values from the incoming + description: "MatchLabelKeys is a + set of pod label keys to select + the pods over which spreading will + be calculated. The keys are used + to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that - don't exist in the incoming pod - labels will be ignored. A null or - empty list means only match against - labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector + isn't set. Keys that don't exist + in the incoming pod labels will + be ignored. A null or empty list + means only match against labelSelector. + \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -16086,8 +17773,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -16102,8 +17789,8 @@ spec: All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a - alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread + beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -16828,7 +18515,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -17024,11 +18711,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -17067,10 +18754,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -17100,7 +18792,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, @@ -17110,28 +18802,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -17152,11 +18855,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -17195,7 +18912,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -17275,6 +18993,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -17692,6 +19442,137 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such as + inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering + of certificates within the file + is arbitrary, and Kubelet may + change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -18678,7 +20559,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -18711,6 +20596,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -18802,7 +20700,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -18835,6 +20737,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -18901,9 +20816,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -18943,7 +20856,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -19094,9 +21010,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -19136,7 +21050,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -19245,6 +21162,32 @@ spec: by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -19269,7 +21212,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -19422,7 +21366,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -19464,21 +21410,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -19860,7 +21800,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -19944,6 +21886,76 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -20125,7 +22137,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -20198,6 +22212,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -20358,7 +22433,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -20442,6 +22519,76 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -20623,7 +22770,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -20696,6 +22845,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -21061,7 +23271,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -21081,10 +23293,18 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that - this field cannot be set when spec.os.name - is windows. + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container + process. If unspecified, no additional + groups are added to any container. + Note that group memberships defined + in the container image for the uid + of the container process are still + effective, even if they are not included + in this list. Note that this field + cannot be set when spec.os.name is + windows. items: format: int64 type: integer @@ -21139,21 +23359,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -21312,20 +23526,27 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select the - pods over which spreading will be - calculated. The keys are used to - lookup values from the incoming + description: "MatchLabelKeys is a + set of pod label keys to select + the pods over which spreading will + be calculated. The keys are used + to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that - don't exist in the incoming pod - labels will be ignored. A null or - empty list means only match against - labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector + isn't set. Keys that don't exist + in the incoming pod labels will + be ignored. A null or empty list + means only match against labelSelector. + \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -21413,8 +23634,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -21429,8 +23650,8 @@ spec: All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a - alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread + beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -22155,7 +24376,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -22351,11 +24572,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -22394,10 +24615,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -22427,7 +24653,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, @@ -22437,28 +24663,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -22479,11 +24716,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -22522,7 +24773,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -22602,6 +24854,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -23019,6 +25303,137 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such as + inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering + of certificates within the file + is arbitrary, and Kubelet may + change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -24240,7 +26655,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -24317,6 +26734,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -24483,7 +26966,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -24552,6 +27037,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -24706,7 +27251,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -24783,6 +27330,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -24949,7 +27562,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -25018,6 +27633,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -25291,8 +27966,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -25333,18 +28009,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -25938,7 +28608,12 @@ spec: properties: name: description: The header - field name + field name. This + will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The header @@ -25972,6 +28647,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -26070,7 +28760,12 @@ spec: properties: name: description: The header - field name + field name. This + will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The header @@ -26104,6 +28799,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -26174,9 +28884,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -26217,7 +28925,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -26436,9 +29148,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -26479,7 +29189,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -26592,11 +29306,65 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy + for the container. + items: + description: ContainerResizePolicy + represents resource resize policy + for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to + apply when specified resource + is resized. If not specified, + it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is + immutable. It can only be set + for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in + pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -26622,9 +29390,41 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines + the restart behavior of individual + containers in a pod. This field may + only be set for init containers, and + the only allowed value is "Always". + For non-init containers or when this + field is not specified, the restart + behavior is defined by the Pod''s + restart policy and the container type. + Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have + terminated. Once all regular containers + have completed, all init containers + with restartPolicy "Always" will be + shut down. This lifecycle differs + from normal init containers and is + often referred to as a "sidecar" container. + Although this init container still + starts in the init container sequence, + it does not wait for the container + to complete before proceeding to the + next init container. Instead, the + next init container starts immediately + after this init container is started, + or after any startupProbe has successfully + completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container @@ -26793,8 +29593,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set - if type is "Localhost". + location. Must be set if type + is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates @@ -26840,20 +29641,12 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level - and will only be honored by - components that enable the - WindowsHostProcessContainers - feature flag. Setting this - field without the feature - flag will result in errors - when validating the Pod. All - of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess + All of a Pod's containers + must have the same effective + HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. @@ -26920,9 +29713,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -26963,7 +29754,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -27284,7 +30079,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -27317,6 +30116,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -27405,7 +30217,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -27438,6 +30254,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -27504,9 +30333,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -27545,7 +30372,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -27718,9 +30548,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -27759,7 +30587,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -27866,6 +30697,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -27889,7 +30746,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -28024,8 +30882,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -28044,8 +30903,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -28102,18 +30968,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -28290,7 +31150,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -28298,10 +31158,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -28385,8 +31252,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -28400,8 +31267,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -29031,7 +31898,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -29270,12 +32137,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -29316,11 +32183,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -29355,10 +32229,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the @@ -29367,35 +32241,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup @@ -29419,11 +32307,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -29469,8 +32374,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -29559,6 +32465,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume @@ -30013,6 +32958,164 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data diff --git a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupconfigurations.yaml b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupconfigurations.yaml index 3c38584a6..92da82859 100644 --- a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupconfigurations.yaml +++ b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/backupconfigurations.yaml @@ -369,7 +369,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -398,6 +401,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -472,7 +487,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -501,6 +519,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -556,8 +586,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -591,7 +620,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -720,8 +752,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -755,7 +786,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -849,6 +883,30 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -870,7 +928,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -997,7 +1056,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -1032,16 +1092,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, if + HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the @@ -1391,7 +1447,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -1454,6 +1511,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -1593,7 +1702,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is @@ -1652,6 +1763,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -1783,7 +1942,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -1846,6 +2006,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -1985,7 +2197,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is @@ -2044,6 +2258,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -2289,8 +2551,9 @@ spec: be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set - if type is "Localhost". + seccomp profile location. Must be set if + type is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind of @@ -2327,17 +2590,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only - be honored by components that enable the - WindowsHostProcessContainers feature flag. - Setting this field without the feature flag - will result in errors when validating the - Pod. All of a Pod's containers must have - the same effective HostProcess value (it - is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must have the + same effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run @@ -2871,7 +3129,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -2902,6 +3163,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -2989,7 +3263,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -3020,6 +3297,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3081,9 +3371,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -3122,7 +3410,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -3317,9 +3608,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -3358,7 +3647,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -3458,11 +3750,60 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the + container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to + which this resource resize policy applies. + Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when + specified resource is resized. If not + specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3486,9 +3827,35 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart + behavior of individual containers in a pod. + This field may only be set for init containers, + and the only allowed value is "Always". For + non-init containers or when this field is + not specified, the restart behavior is defined + by the Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the following + effect: this init container will be continually + restarted on exit until all regular containers + have terminated. Once all regular containers + have completed, all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers and is + often referred to as a "sidecar" container. + Although this init container still starts + in the init container sequence, it does not + wait for the container to complete before + proceeding to the next init container. Instead, + the next init container starts immediately + after this init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. @@ -3631,8 +3998,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -3672,18 +4040,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -3739,9 +4103,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -3780,7 +4142,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4061,7 +4426,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -4091,6 +4460,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -4169,7 +4551,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -4199,6 +4585,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -4259,8 +4658,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -4294,7 +4692,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -4452,8 +4853,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -4487,7 +4887,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -4586,6 +4989,30 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4607,8 +5034,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -4729,8 +5156,9 @@ spec: be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set - if type is "Localhost". + seccomp profile location. Must be set if + type is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind of @@ -4747,9 +5175,15 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to - the container's primary GID. If unspecified, - no groups will be added to any container. Note - that this field cannot be set when spec.os.name + the container's primary GID, the fsGroup (if + specified), and group memberships defined in + the container image for the uid of the container + process. If unspecified, no additional groups + are added to any container. Note that group + memberships defined in the container image for + the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. items: format: int64 @@ -4799,17 +5233,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only - be honored by components that enable the - WindowsHostProcessContainers feature flag. - Setting this field without the feature flag - will result in errors when validating the - Pod. All of a Pod's containers must have - the same effective HostProcess value (it - is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must have the + same effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run @@ -4964,16 +5393,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the - incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + incoming pod. The same key is forbidden to + exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector + isn't set. Keys that don't exist in the incoming + pod labels will be ignored. A null or empty + list means only match against labelSelector. + \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -5045,9 +5479,9 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread feature - flag." + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." type: string nodeTaintsPolicy: description: "NodeTaintsPolicy indicates how @@ -5058,8 +5492,8 @@ spec: are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore - policy. This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -5624,7 +6058,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -5817,11 +6251,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -5858,10 +6292,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -5890,35 +6328,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -5938,11 +6386,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -5981,7 +6443,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -6055,6 +6518,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -6465,6 +6957,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -7602,7 +8221,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -7798,11 +8417,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -7841,10 +8460,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -7874,7 +8498,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, @@ -7884,28 +8508,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -7926,11 +8561,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -7969,7 +8618,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -8049,6 +8699,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -8461,6 +9143,137 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such as + inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering + of certificates within the file + is arbitrary, and Kubelet may + change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -9218,11 +10031,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9257,11 +10070,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -9290,33 +10107,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -9336,11 +10163,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -9378,7 +10217,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -9448,6 +10288,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -9649,11 +10517,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9685,10 +10553,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -9715,33 +10587,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. * While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -9759,11 +10639,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -9799,7 +10691,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -9865,6 +10758,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. @@ -9889,6 +10810,65 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update with + ClaimResourceStatus for a resource + that it does not recognizes, then + it should ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being resized + for the given PVC. Key names follow + standard Kubernetes label syntax. Valid + values are either: * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that + are unprefixed or have kubernetes.io + prefix are considered reserved and hence + may not be used. \n ClaimResourceStatus + can be in any of following states: - + ControllerResizeInProgress: State set + when resize controller starts resizing + the volume in control-plane. - ControllerResizeFailed: + State set when resize has failed in + resize controller with a terminal error. + - NodeResizePending: State set when + resize controller has finished resizing + the volume but further resizing of volume + is needed on the node. - NodeResizeInProgress: + State set when kubelet starts resizing + the volume. - NodeResizeFailed: State + set when resizing has failed in kubelet + with a terminal error. Transient errors + don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity + - this field can be one of the following + states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field + is not set, it means that no resize + operation is in progress for the given + PVC. \n A controller that receives PVC + update with previously unknown resourceName + or ClaimResourceStatus should ignore + the update for the purpose it was designed. + For example - a controller that only + is responsible for resizing capacity + of the volume, should ignore PVC updates + that change other valid resources associated + with PVC. \n This is an alpha field + and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -9896,10 +10876,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the - storage resource within AllocatedResources - tracks the capacity allocated to a PVC. - It may be larger than the actual capacity + description: "allocatedResources tracks + the resources allocated to a PVC including + its capacity. Key names follow standard + Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage + - the capacity of the volume. * Custom + resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that + are unprefixed or have kubernetes.io + prefix are considered reserved and hence + may not be used. \n Capacity reported + here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources @@ -9910,9 +10899,17 @@ spec: is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than - the requested capacity. This is an alpha - field and requires enabling RecoverVolumeExpansionFailure - feature. + the requested capacity. \n A controller + that receives PVC update with previously + unknown resourceName should ignore the + update for the purpose it was designed. + For example - a controller that only + is responsible for resizing capacity + of the volume, should ignore PVC updates + that change other valid resources associated + with PVC. \n This is an alpha field + and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -9932,7 +10929,7 @@ spec: to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the @@ -9970,20 +10967,54 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, there + is no VolumeAttributeClass applied to + this PersistentVolumeClaim This is an + alpha field and requires enabling VolumeAttributesClass + feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents + the status object of ControllerModifyVolume + operation. When this is unset, there + is no ModifyVolume operation being attempted. + This is an alpha field and requires + enabling VolumeAttributesClass feature. + properties: + status: + description: 'status is the status + of the ControllerModifyVolume operation. + It can be in any of following states: + - Pending Pending indicates that + the PersistentVolumeClaim cannot + be modified due to unmet requirements, + such as the specified VolumeAttributesClass + not existing. - InProgress InProgress + indicates that the volume is being + modified. - Infeasible Infeasible + indicates that the request has been + rejected as invalid by the CSI driver. + To resolve the error, a valid VolumeAttributesClass + needs to be specified. Note: New + statuses can be added in the future. + Consumers should check for unknown + statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status - of resize operation. ResizeStatus is - not set by default but when expansion - is complete resizeStatus is set to empty - string by resize controller or kubelet. - This is an alpha field and requires - enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -10511,7 +11542,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -10707,11 +11738,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10750,10 +11781,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -10783,7 +11819,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, @@ -10793,28 +11829,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -10835,11 +11882,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -10878,7 +11939,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -10958,6 +12020,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -11375,6 +12469,137 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such as + inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering + of certificates within the file + is arbitrary, and Kubelet may + change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -12486,7 +13711,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -12517,6 +13745,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12604,7 +13845,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -12635,6 +13879,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12696,9 +13953,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -12737,7 +13992,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -12881,9 +14139,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -12922,7 +14178,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -13026,6 +14285,32 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -13049,7 +14334,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -13192,8 +14478,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -13233,18 +14520,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -13590,7 +14873,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -13663,6 +14948,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -13822,7 +15168,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -13890,6 +15238,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -14040,7 +15443,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -14113,6 +15518,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -14272,7 +15738,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -14340,6 +15808,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -14687,8 +16210,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -14707,8 +16231,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -14763,18 +16294,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -14924,18 +16451,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -15016,8 +16550,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -15030,8 +16564,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -15726,7 +17260,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -15911,11 +17445,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -15950,11 +17484,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -15983,33 +17521,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -16029,11 +17577,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -16071,7 +17631,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -16141,6 +17702,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -16540,6 +18129,124 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into the + pod filesystem. Esoteric PEM features + such as inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering of + certificates within the file is arbitrary, + and Kubelet may change the order over + time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't available. If + using name, then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -17464,7 +19171,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -17495,6 +19205,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -17582,7 +19305,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -17613,6 +19339,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -17674,9 +19413,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -17715,7 +19452,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -17859,9 +19599,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -17900,7 +19638,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -18004,6 +19745,32 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -18027,7 +19794,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -18170,8 +19938,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -18211,18 +19980,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -18568,7 +20333,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -18641,6 +20408,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -18800,7 +20628,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -18868,6 +20698,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -19018,7 +20903,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -19091,6 +20978,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces @@ -19250,7 +21198,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -19318,6 +21268,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -19665,8 +21670,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -19685,8 +21691,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -19741,18 +21754,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -19902,18 +21911,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -19994,8 +22010,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -20008,8 +22024,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -20704,7 +22720,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -20889,11 +22905,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -20928,11 +22944,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -20961,33 +22981,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -21007,11 +23037,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -21049,7 +23091,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -21119,6 +23162,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -21518,6 +23589,124 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into the + pod filesystem. Esoteric PEM features + such as inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering of + certificates within the file is arbitrary, + and Kubelet may change the order over + time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't available. If + using name, then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -22655,7 +24844,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -22724,6 +24915,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -22877,7 +25128,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -22940,6 +25192,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -23080,7 +25384,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions @@ -23149,6 +25455,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that @@ -23302,7 +25668,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -23365,6 +25732,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -23621,8 +26040,8 @@ spec: preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind @@ -23662,18 +26081,13 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + Process' container. All of a Pod's containers + must have the same effective HostProcess + value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess + is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -24234,7 +26648,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -24267,6 +26685,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -24358,7 +26789,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -24391,6 +26826,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -24457,9 +26905,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -24499,7 +26945,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -24703,9 +27152,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -24745,7 +27192,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -24849,11 +27299,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize policy + applies. Supported values: cpu, + memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults to + NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -24878,9 +27379,37 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set for + init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, the + restart behavior is defined by the Pod''s + restart policy and the container type. + Setting the RestartPolicy as "Always" + for the init container will have the following + effect: this init container will be continually + restarted on exit until all regular containers + have terminated. Once all regular containers + have completed, all init containers with + restartPolicy "Always" will be shut down. + This lifecycle differs from normal init + containers and is often referred to as + a "sidecar" container. Although this init + container still starts in the init container + sequence, it does not wait for the container + to complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after any + startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -25033,7 +27562,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -25075,21 +27606,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -25149,9 +27674,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -25191,7 +27714,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -25487,7 +28013,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -25518,6 +28047,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -25602,7 +28144,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -25633,6 +28178,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -25697,8 +28255,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -25732,7 +28289,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -25898,8 +28459,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -25933,7 +28493,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -26036,6 +28600,31 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -26059,7 +28648,8 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -26187,8 +28777,8 @@ spec: preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind @@ -26206,10 +28796,17 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in - addition to the container's primary GID. If - unspecified, no groups will be added to - any container. Note that this field cannot - be set when spec.os.name is windows. + addition to the container's primary GID, + the fsGroup (if specified), and group memberships + defined in the container image for the uid + of the container process. If unspecified, + no additional groups are added to any container. + Note that group memberships defined in the + container image for the uid of the container + process are still effective, even if they + are not included in this list. Note that + this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -26261,18 +28858,13 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + Process' container. All of a Pod's containers + must have the same effective HostProcess + value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess + is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -26437,7 +29029,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the @@ -26445,9 +29037,16 @@ spec: are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against labelSelector. + pod. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector + isn't set. Keys that don't exist in the + incoming pod labels will be ignored. A + null or empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by + default)." items: type: string type: array @@ -26525,8 +29124,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the - Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -26539,7 +29138,7 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -27134,7 +29733,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -27347,12 +29946,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -27391,11 +29990,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -27428,9 +30031,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type @@ -27438,31 +30041,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is @@ -27484,11 +30099,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -27528,7 +30158,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -27609,6 +30241,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -28038,6 +30702,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to diff --git a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/hooktemplates.yaml b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/hooktemplates.yaml index 8d765f5e2..d28293011 100644 --- a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/hooktemplates.yaml +++ b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/hooktemplates.yaml @@ -113,7 +113,9 @@ spec: in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized + upon output, so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -170,7 +172,9 @@ spec: in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized + upon output, so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -802,7 +806,7 @@ spec: the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -962,11 +966,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -999,10 +1003,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will - always have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -1029,30 +1036,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as such if both + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is - non-empty. There are two important differences - between DataSource and DataSourceRef: * - While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a - disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled.' + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -1070,11 +1086,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -1107,7 +1133,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -1168,6 +1195,30 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass + used by this claim. If specified, the CSI + driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can be + changed after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to + a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -1539,6 +1590,110 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod + to access the `.spec.trustBundle` field of + ClusterTrustBundle objects in an auto-updating + file. \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle objects + can either be selected by name, or by the + combination of signer name and a label selector. + \n Kubelet performs aggressive normalization + of the PEM contents written into the pod filesystem. + \ Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as "match + nothing". If set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with + signerName and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If using name, then + the named ClusterTrustBundle is allowed + not to exist. If using signerName, then + the combination of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -2130,10 +2285,10 @@ spec: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion diff --git a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/restoresessions.yaml b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/restoresessions.yaml index 190c1fe2b..2fb5c36f5 100644 --- a/hub/resourcedescriptors/core.kubestash.com/v1alpha1/restoresessions.yaml +++ b/hub/resourcedescriptors/core.kubestash.com/v1alpha1/restoresessions.yaml @@ -294,7 +294,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -322,6 +324,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -390,7 +404,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -418,6 +434,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -470,8 +498,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -503,7 +529,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -630,8 +658,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -663,7 +689,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -756,6 +784,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -776,8 +826,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -900,8 +950,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -934,16 +984,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -1266,7 +1312,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is a @@ -1322,6 +1370,53 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select the group + of existing pods which pods will be + taken into consideration for the incoming + pod's pod (anti) affinity. Keys that + don't exist in the incoming pod labels + will be ignored. The default value is + empty. The same key is forbidden to + exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods will + be taken into consideration for the + incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -1446,7 +1541,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1497,6 +1593,49 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be + taken into consideration. The keys are used + to lookup values from the incoming pod labels, + those key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` + to select the group of existing pods which + pods will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod + labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The @@ -1613,7 +1752,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is a @@ -1669,6 +1810,53 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select the group + of existing pods which pods will be + taken into consideration for the incoming + pod's pod (anti) affinity. Keys that + don't exist in the incoming pod labels + will be ignored. The default value is + empty. The same key is forbidden to + exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods will + be taken into consideration for the + incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys and + LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -1794,7 +1982,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1845,6 +2034,49 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be + taken into consideration. The keys are used + to lookup values from the incoming pod labels, + those key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` + to select the group of existing pods which + pods will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod + labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The @@ -2068,7 +2300,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -2101,15 +2334,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the - Pod. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a + mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -2613,7 +2842,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -2643,6 +2876,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -2721,7 +2967,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -2751,6 +3001,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -2808,8 +3071,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -2843,7 +3105,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3025,8 +3290,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -3060,7 +3324,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3155,10 +3422,56 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which + this resource resize policy applies. Supported + values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. If not specified, it + defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3180,10 +3493,33 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior + of individual containers in a pod. This field may + only be set for init containers, and the only allowed + value is "Always". For non-init containers or when + this field is not specified, the restart behavior + is defined by the Pod''s restart policy and the + container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: + this init container will be continually restarted + on exit until all regular containers have terminated. + Once all regular containers have completed, all + init containers with restartPolicy "Always" will + be shut down. This lifecycle differs from normal + init containers and is often referred to as a "sidecar" + container. Although this init container still starts + in the init container sequence, it does not wait + for the container to complete before proceeding + to the next init container. Instead, the next init + container starts immediately after this init container + is started, or after any startupProbe has successfully + completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, @@ -3319,8 +3655,9 @@ spec: be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set - if type is "Localhost". + seccomp profile location. Must be set if + type is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind of @@ -3357,17 +3694,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only - be honored by components that enable the - WindowsHostProcessContainers feature flag. - Setting this field without the feature flag - will result in errors when validating the - Pod. All of a Pod's containers must have - the same effective HostProcess value (it - is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must have the + same effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run @@ -3418,8 +3750,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -3453,7 +3784,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3716,7 +4050,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3744,6 +4081,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -3815,7 +4164,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3843,6 +4195,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -3899,8 +4263,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -3932,7 +4295,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -4082,8 +4447,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -4115,7 +4479,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -4208,6 +4574,29 @@ spec: resources: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where + this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4229,7 +4618,7 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -4341,7 +4730,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -4357,9 +4747,14 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added - to any container. Note that this field cannot be set - when spec.os.name is windows. + primary GID, the fsGroup (if specified), and group + memberships defined in the container image for the + uid of the container process. If unspecified, no additional + groups are added to any container. Note that group + memberships defined in the container image for the + uid of the container process are still effective, + even if they are not included in this list. Note that + this field cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -4406,15 +4801,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the - Pod. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a + mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -4557,15 +4948,20 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. + for the incoming pod. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector + isn't set. Keys that don't exist in the incoming + pod labels will be ignored. A null or empty list + means only match against labelSelector. \n This + is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -4629,8 +5025,8 @@ spec: are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -4641,8 +5037,8 @@ spec: pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -5168,7 +5564,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -5339,11 +5735,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -5377,10 +5773,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -5407,33 +5807,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. * While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -5451,11 +5859,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -5491,7 +5911,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -5557,6 +5978,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. @@ -5939,6 +6388,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -6989,7 +7550,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -7166,11 +7727,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -7204,10 +7765,14 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of the - specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -7236,33 +7801,44 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will - replace the functionality of the DataSource + replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource - only allows two specific types of - objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), - DataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled.' + when namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to + the same value automatically if one + of them is empty and the other is + non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be + empty. There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two + specific types of objects, dataSourceRef + allows any non-core object, as well + as PersistentVolumeClaim objects. + * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates + an error if a disallowed value is + specified. * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires the + AnyVolumeDataSource feature gate to + be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -7281,11 +7857,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -7322,6 +7910,7 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object @@ -7391,6 +7980,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to + empty string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the resource + referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, as + reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -7776,6 +8393,120 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by name, + or by the combination of signer name + and a label selector. \n Kubelet performs + aggressive normalization of the PEM + contents written into the pod filesystem. + \ Esoteric PEM features such as inter-block + comments and block headers are stripped. + \ Certificates are deduplicated. The + ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -8459,11 +9190,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8497,10 +9228,13 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -8527,31 +9261,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the - functionality of the DataSource field + functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to the + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them - is empty and the other is non-empty. There - are two important differences between - DataSource and DataSourceRef: * While - DataSource only allows two specific types - of objects, DataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -8569,11 +9311,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -8608,7 +9362,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -8672,6 +9427,32 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can + be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to empty + string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will + be set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set + to a Pending state, as reflected by the + modifyVolumeStatus field, until such as + a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -8855,11 +9636,11 @@ spec: type: string name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8890,10 +9671,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always - have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the @@ -8919,29 +9703,37 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of the - specified object matches some installed volume - populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, + be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding + will only succeed if the type of the specified + object matches some installed volume populator + or dynamic provisioner. This field will replace + the functionality of the dataSource field + and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource and - DataSourceRef) will be set to the same value - automatically if one of them is empty and - the other is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed - value is specified. (Beta) Using this field - requires the AnyVolumeDataSource feature gate - to be enabled.' + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same + value automatically if one of them is empty + and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all + values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows + objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the @@ -8958,11 +9750,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -8995,7 +9797,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -9056,6 +9859,29 @@ spec: the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass used + by this claim. If specified, the CSI driver + will create or update the volume with the + attributes defined in the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, this + PersistentVolumeClaim will be set to a Pending + state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of @@ -9079,6 +9905,57 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, + then it should ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses stores + status of resource being resized for the given + PVC. Key names follow standard Kubernetes + label syntax. Valid values are either: * Un-prefixed + keys: - storage - the capacity of the volume. + * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed + or have kubernetes.io prefix are considered + reserved and hence may not be used. \n ClaimResourceStatus + can be in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing + the volume in control-plane. - ControllerResizeFailed: + State set when resize has failed in resize + controller with a terminal error. - NodeResizePending: + State set when resize controller has finished + resizing the volume but further resizing of + volume is needed on the node. - NodeResizeInProgress: + State set when kubelet starts resizing the + volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal + error. Transient errors don't set NodeResizeFailed. + For example: if expanding a PVC for more capacity + - this field can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is + not set, it means that no resize operation + is in progress for the given PVC. \n A controller + that receives PVC update with previously unknown + resourceName or ClaimResourceStatus should + ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should + ignore PVC updates that change other valid + resources associated with PVC. \n This is + an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -9086,21 +9963,36 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume - expansion operation is requested. For storage - quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used - for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources - is only lowered if there are no expansion - operations in progress and if the actual volume - capacity is equal or lower than the requested - capacity. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the + resources allocated to a PVC including its + capacity. Key names follow standard Kubernetes + label syntax. Valid values are either: * Un-prefixed + keys: - storage - the capacity of the volume. + * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed + or have kubernetes.io prefix are considered + reserved and hence may not be used. \n Capacity + reported here may be larger than the actual + capacity when a volume expansion operation + is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, + PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity + request is lowered, allocatedResources is + only lowered if there are no expansion operations + in progress and if the actual volume capacity + is equal or lower than the requested capacity. + \n A controller that receives PVC update with + previously unknown resourceName should ignore + the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should + ignore PVC updates that change other valid + resources associated with PVC. \n This is + an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -9119,7 +10011,7 @@ spec: Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time @@ -9156,18 +10048,51 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, there is no + VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling + VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents the + status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume + operation being attempted. This is an alpha + field and requires enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the status of the + ControllerModifyVolume operation. It can + be in any of following states: - Pending + Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, + such as the specified VolumeAttributesClass + not existing. - InProgress InProgress + indicates that the volume is being modified. + - Infeasible Infeasible indicates that + the request has been rejected as invalid + by the CSI driver. To resolve the error, + a valid VolumeAttributesClass needs to + be specified. Note: New statuses can be + added in the future. Consumers should + check for unknown statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default - but when expansion is complete resizeStatus - is set to empty string by resize controller - or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: array @@ -9659,7 +10584,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -9836,11 +10761,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9874,10 +10799,14 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of the - specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group @@ -9906,33 +10835,44 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will - replace the functionality of the DataSource + replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource - only allows two specific types of - objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), - DataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled.' + when namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to + the same value automatically if one + of them is empty and the other is + non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be + empty. There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two + specific types of objects, dataSourceRef + allows any non-core object, as well + as PersistentVolumeClaim objects. + * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates + an error if a disallowed value is + specified. * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires the + AnyVolumeDataSource feature gate to + be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -9951,11 +10891,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -9992,6 +10944,7 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object @@ -10061,6 +11014,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to + empty string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the resource + referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, as + reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the @@ -10450,6 +11431,120 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by name, + or by the combination of signer name + and a label selector. \n Kubelet performs + aggressive normalization of the PEM + contents written into the pod filesystem. + \ Esoteric PEM features such as inter-block + comments and block headers are stripped. + \ Certificates are deduplicated. The + ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -11524,7 +12619,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -11554,6 +12653,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -11632,7 +12744,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -11662,6 +12778,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -11719,8 +12848,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -11754,7 +12882,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -11890,8 +13021,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -11925,7 +13055,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -12024,11 +13157,35 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount @@ -12045,8 +13202,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -12183,8 +13340,9 @@ spec: be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set - if type is "Localhost". + seccomp profile location. Must be set if + type is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind of @@ -12221,17 +13379,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only - be honored by components that enable the - WindowsHostProcessContainers feature flag. - Setting this field without the feature flag - will result in errors when validating the - Pod. All of a Pod's containers must have - the same effective HostProcess value (it - is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must have the + same effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run @@ -12531,7 +13684,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -12594,6 +13748,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -12733,7 +13939,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is @@ -12792,6 +14000,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -12923,7 +14179,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -12986,6 +14243,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -13125,7 +14434,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is @@ -13184,6 +14495,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -13497,8 +14856,9 @@ spec: be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set - if type is "Localhost". + seccomp profile location. Must be set if + type is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind of @@ -13515,9 +14875,15 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to - the container's primary GID. If unspecified, - no groups will be added to any container. Note - that this field cannot be set when spec.os.name + the container's primary GID, the fsGroup (if + specified), and group memberships defined in + the container image for the uid of the container + process. If unspecified, no additional groups + are added to any container. Note that group + memberships defined in the container image for + the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. items: format: int64 @@ -13567,17 +14933,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only - be honored by components that enable the - WindowsHostProcessContainers feature flag. - Setting this field without the feature flag - will result in errors when validating the - Pod. All of a Pod's containers must have - the same effective HostProcess value (it - is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must have the + same effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run @@ -13714,16 +15075,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the - incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + incoming pod. The same key is forbidden to + exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector + isn't set. Keys that don't exist in the incoming + pod labels will be ignored. A null or empty + list means only match against labelSelector. + \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -13795,9 +15161,9 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread feature - flag." + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." type: string nodeTaintsPolicy: description: "NodeTaintsPolicy indicates how @@ -13808,8 +15174,8 @@ spec: are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore - policy. This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -14455,7 +15821,7 @@ spec: be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -14618,11 +15984,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -14656,10 +16022,13 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -14686,31 +16055,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the - functionality of the DataSource field + functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to the + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them - is empty and the other is non-empty. There - are two important differences between - DataSource and DataSourceRef: * While - DataSource only allows two specific types - of objects, DataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -14728,11 +16105,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -14767,7 +16156,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -14831,6 +16221,32 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can + be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to empty + string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will + be set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set + to a Pending state, as reflected by the + modifyVolumeStatus field, until such as + a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -15206,6 +16622,114 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a + pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating + file. \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle objects + can either be selected by name, or by the + combination of signer name and a label selector. + \n Kubelet performs aggressive normalization + of the PEM contents written into the pod + filesystem. Esoteric PEM features such + as inter-block comments and block headers + are stripped. Certificates are deduplicated. + The ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as + "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then + the named ClusterTrustBundle is allowed + not to exist. If using signerName, + then the combination of signerName and + labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -16075,7 +17599,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -16105,6 +17633,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -16183,7 +17724,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -16213,6 +17758,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before being + terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -16270,8 +17828,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -16305,7 +17862,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -16441,8 +18001,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -16476,7 +18035,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -16575,6 +18137,30 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -16596,8 +18182,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -16734,8 +18320,9 @@ spec: be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set - if type is "Localhost". + seccomp profile location. Must be set if + type is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind of @@ -16772,17 +18359,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only - be honored by components that enable the - WindowsHostProcessContainers feature flag. - Setting this field without the feature flag - will result in errors when validating the - Pod. All of a Pod's containers must have - the same effective HostProcess value (it - is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must have the + same effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run @@ -17082,7 +18664,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -17145,6 +18728,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -17284,7 +18919,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is @@ -17343,6 +18980,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -17474,7 +19159,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case - pods. + pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions @@ -17537,6 +19223,58 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a + set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are used + to lookup values from the incoming + pod labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the @@ -17676,7 +19414,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is @@ -17735,6 +19475,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies @@ -18048,8 +19836,9 @@ spec: be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set - if type is "Localhost". + seccomp profile location. Must be set if + type is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind of @@ -18066,9 +19855,15 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to - the container's primary GID. If unspecified, - no groups will be added to any container. Note - that this field cannot be set when spec.os.name + the container's primary GID, the fsGroup (if + specified), and group memberships defined in + the container image for the uid of the container + process. If unspecified, no additional groups + are added to any container. Note that group + memberships defined in the container image for + the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. items: format: int64 @@ -18118,17 +19913,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only - be honored by components that enable the - WindowsHostProcessContainers feature flag. - Setting this field without the feature flag - will result in errors when validating the - Pod. All of a Pod's containers must have - the same effective HostProcess value (it - is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must have the + same effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run @@ -18265,16 +20055,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the - incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + incoming pod. The same key is forbidden to + exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector + isn't set. Keys that don't exist in the incoming + pod labels will be ignored. A null or empty + list means only match against labelSelector. + \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -18346,9 +20141,9 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread feature - flag." + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." type: string nodeTaintsPolicy: description: "NodeTaintsPolicy indicates how @@ -18359,8 +20154,8 @@ spec: are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore - policy. This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -19006,7 +20801,7 @@ spec: be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -19169,11 +20964,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -19207,10 +21002,13 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for @@ -19237,31 +21035,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the - functionality of the DataSource field + functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to the + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them - is empty and the other is non-empty. There - are two important differences between - DataSource and DataSourceRef: * While - DataSource only allows two specific types - of objects, DataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -19279,11 +21085,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -19318,7 +21136,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -19382,6 +21201,32 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can + be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to empty + string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will + be set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set + to a Pending state, as reflected by the + modifyVolumeStatus field, until such as + a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -19757,6 +21602,114 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a + pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating + file. \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle objects + can either be selected by name, or by the + combination of signer name and a label selector. + \n Kubelet performs aggressive normalization + of the PEM contents written into the pod + filesystem. Esoteric PEM features such + as inter-block comments and block headers + are stripped. Certificates are deduplicated. + The ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as + "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then + the named ClusterTrustBundle is allowed + not to exist. If using signerName, + then the combination of signerName and + labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -20699,7 +22652,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -20727,6 +22682,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -20795,7 +22762,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -20823,6 +22792,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -20875,8 +22856,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -20908,7 +22887,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -21035,8 +23016,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -21068,7 +23047,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -21161,6 +23142,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -21181,8 +23184,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -21305,8 +23308,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -21339,16 +23342,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -21612,7 +23611,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -21663,6 +23663,49 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be + taken into consideration. The keys are used + to lookup values from the incoming pod labels, + those key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` + to select the group of existing pods which + pods will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod + labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The @@ -21780,7 +23823,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of @@ -21830,6 +23874,46 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into + consideration. The keys are used to lookup values + from the incoming pod labels, those key-value + labels are merged with `LabelSelector` as `key + in (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys cannot + be set when LabelSelector isn't set. This is + an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are merged with `LabelSelector` as `key + notin (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys cannot + be set when LabelSelector isn't set. This is + an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -21942,7 +24026,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -21993,6 +24078,49 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be + taken into consideration. The keys are used + to lookup values from the incoming pod labels, + those key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` + to select the group of existing pods which + pods will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod + labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The @@ -22110,7 +24238,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of @@ -22160,6 +24289,46 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into + consideration. The keys are used to lookup values + from the incoming pod labels, those key-value + labels are merged with `LabelSelector` as `key + in (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys cannot + be set when LabelSelector isn't set. This is + an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are merged with `LabelSelector` as `key + notin (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys cannot + be set when LabelSelector isn't set. This is + an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -22440,8 +24609,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -22457,9 +24626,14 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added - to any container. Note that this field cannot be set when - spec.os.name is windows. + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container process + are still effective, even if they are not included in + this list. Note that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -22503,16 +24677,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -22634,14 +24804,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A - null or empty list means only match against labelSelector. + will be calculated for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't + set. Keys that don't exist in the incoming pod labels + will be ignored. A null or empty list means only match + against labelSelector. \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread feature gate to + be enabled (enabled by default)." items: type: string type: array @@ -22702,9 +24877,9 @@ spec: in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread feature - flag." + to the Honor policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." type: string nodeTaintsPolicy: description: "NodeTaintsPolicy indicates how we will treat @@ -22713,8 +24888,8 @@ spec: tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior - is equivalent to the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + is equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: diff --git a/hub/resourcedescriptors/storage.kubestash.com/v1alpha1/backupstorages.yaml b/hub/resourcedescriptors/storage.kubestash.com/v1alpha1/backupstorages.yaml index dafa0bd73..c49009e81 100644 --- a/hub/resourcedescriptors/storage.kubestash.com/v1alpha1/backupstorages.yaml +++ b/hub/resourcedescriptors/storage.kubestash.com/v1alpha1/backupstorages.yaml @@ -314,7 +314,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -342,6 +344,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -410,7 +424,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -438,6 +454,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -490,8 +518,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -523,7 +549,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -650,8 +678,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -683,7 +709,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -776,6 +804,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -796,8 +846,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -920,8 +970,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -954,16 +1004,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -1227,7 +1273,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1278,6 +1325,49 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be + taken into consideration. The keys are used + to lookup values from the incoming pod labels, + those key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` + to select the group of existing pods which + pods will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod + labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The @@ -1395,7 +1485,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of @@ -1445,6 +1536,46 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into + consideration. The keys are used to lookup values + from the incoming pod labels, those key-value + labels are merged with `LabelSelector` as `key + in (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys cannot + be set when LabelSelector isn't set. This is + an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are merged with `LabelSelector` as `key + notin (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys cannot + be set when LabelSelector isn't set. This is + an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1557,7 +1688,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list @@ -1608,6 +1740,49 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be + taken into consideration. The keys are used + to lookup values from the incoming pod labels, + those key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` + to select the group of existing pods which + pods will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod + labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The @@ -1725,7 +1900,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of @@ -1775,6 +1951,46 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into + consideration. The keys are used to lookup values + from the incoming pod labels, those key-value + labels are merged with `LabelSelector` as `key + in (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys cannot + be set when LabelSelector isn't set. This is + an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are merged with `LabelSelector` as `key + notin (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys cannot + be set when LabelSelector isn't set. This is + an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2055,8 +2271,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -2072,9 +2288,14 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added - to any container. Note that this field cannot be set when - spec.os.name is windows. + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container process + are still effective, even if they are not included in + this list. Note that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -2118,16 +2339,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -2249,14 +2466,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A - null or empty list means only match against labelSelector. + will be calculated for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't + set. Keys that don't exist in the incoming pod labels + will be ignored. A null or empty list means only match + against labelSelector. \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread feature gate to + be enabled (enabled by default)." items: type: string type: array @@ -2317,9 +2539,9 @@ spec: in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread feature - flag." + to the Honor policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." type: string nodeTaintsPolicy: description: "NodeTaintsPolicy indicates how we will treat @@ -2328,8 +2550,8 @@ spec: tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior - is equivalent to the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + is equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -2399,37 +2621,15 @@ spec: description: Prefix specifies a directory inside the bucket/container where the data for this backend will be stored. type: string - secret: - description: Secret specifies the name of the Secret that contains - the access credential for this storage. + secretName: + description: SecretName specifies the name of the Secret that + contains the access credential for this storage. type: string storageAccount: description: StorageAccount specifies the name of the Azure Storage Account type: string type: object - b2: - description: B2 specifies the storage information for B2 bucket - properties: - bucket: - description: Bucket specifies the name of the bucket that will - be used as storage backend. - type: string - maxConnections: - description: MaxConnections specifies the maximum number of - concurrent connections to use to upload/download data to this - backend. - format: int64 - type: integer - prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. - type: string - secret: - description: Secret specifies the name of the Secret that contains - the access credential for this storage. - type: string - type: object gcs: description: GCS specifies the storage information for GCS bucket properties: @@ -2447,9 +2647,9 @@ spec: description: Prefix specifies a directory inside the bucket/container where the data for this backend will be stored. type: string - secret: - description: Secret specifies the name of the Secret that contains - the access credential for this storage. + secretName: + description: SecretName specifies the name of the Secret that + contains the access credential for this storage. type: string type: object local: @@ -2836,7 +3036,7 @@ spec: medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -2982,11 +3182,11 @@ spec: type: string name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3016,9 +3216,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have the - same contents as the DataSourceRef field.' + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -3044,27 +3247,35 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API group (non core - object) or a PersistentVolumeClaim object. When - this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as such if both fields are + dataSource field and as such if both fields are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While - DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef - preserves all values, and generates an error if - a disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource feature - gate to be enabled.' + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -3081,11 +3292,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -3115,8 +3336,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -3176,6 +3397,28 @@ spec: StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used + to set the VolumeAttributesClass used by this + claim. If specified, the CSI driver will create + or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This + has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed + to reset this field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected by the + modifyVolumeStatus field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem @@ -3526,6 +3769,102 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access + the `.spec.trustBundle` field of ClusterTrustBundle + objects in an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature gate. + \n ClusterTrustBundle objects can either be selected + by name, or by the combination of signer name and + a label selector. \n Kubelet performs aggressive + normalization of the PEM contents written into the + pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates + are deduplicated. The ordering of certificates within + the file is arbitrary, and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles that + match this label selector. Only has effect + if signerName is set. Mutually-exclusive with + name. If unset, interpreted as "match nothing". If + set but empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with signerName + and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) aren't + available. If using name, then the named ClusterTrustBundle + is allowed not to exist. If using signerName, + then the combination of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles that + match this signer name. Mutually-exclusive with + name. The contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -4054,18 +4393,6 @@ spec: provider: description: Provider specifies the provider of the storage type: string - rest: - description: Rest specifies the storage information for rest storage - server - properties: - secret: - description: Secret specifies the name of the Secret that contains - the access credential for this storage. - type: string - url: - description: URL specifies the URL of the REST storage server - type: string - type: object s3: description: S3 specifies the storage information for AWS S3 and S3 compatible storage. @@ -4086,25 +4413,9 @@ spec: description: Region specifies the region where the bucket is located type: string - secret: - description: Secret specifies the name of the Secret that contains - the access credential for this storage. - type: string - type: object - swift: - description: Swift specifies the storage information for Swift container - properties: - container: - description: Container specifies the name of the Swift container - that will be used as storage backend. - type: string - prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. - type: string - secret: - description: Secret specifies the name of the Secret that contains - the access credential for this storage. + secretName: + description: SecretName specifies the name of the Secret that + contains the access credential for this storage. type: string type: object type: object diff --git a/vendor/kmodules.xyz/client-go/apiextensions/controller.go b/vendor/kmodules.xyz/client-go/apiextensions/controller.go new file mode 100644 index 000000000..94425010f --- /dev/null +++ b/vendor/kmodules.xyz/client-go/apiextensions/controller.go @@ -0,0 +1,87 @@ +/* +Copyright AppsCode Inc. and Contributors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package apiextensions + +import ( + "context" + "sync" + + apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" +) + +type SetupFn func(ctx context.Context, mgr ctrl.Manager) + +var setupFns = map[schema.GroupKind]SetupFn{ + // schema.GroupKind{"compute.gcp.kubedb.com", "Firewall"}: firewall.Setup, +} + +var ( + setupDone = map[schema.GroupKind]bool{} + mu sync.Mutex +) + +type Reconciler struct { + ctx context.Context + mgr ctrl.Manager +} + +func NewReconciler(ctx context.Context, mgr ctrl.Manager) *Reconciler { + return &Reconciler{ctx: ctx, mgr: mgr} +} + +func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + log := log.FromContext(ctx) + var crd apiextensions.CustomResourceDefinition + if err := r.mgr.GetClient().Get(ctx, req.NamespacedName, &crd); err != nil { + log.Error(err, "unable to fetch CustomResourceDefinition") + return ctrl.Result{}, client.IgnoreNotFound(err) + } + + gk := schema.GroupKind{ + Group: crd.Spec.Group, + Kind: crd.Spec.Names.Kind, + } + mu.Lock() + defer mu.Unlock() + _, found := setupDone[gk] + if found { + return ctrl.Result{}, nil + } + setup, found := setupFns[gk] + if found { + setup(r.ctx, r.mgr) + setupDone[gk] = true + } + return ctrl.Result{}, nil +} + +func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&apiextensions.CustomResourceDefinition{}). + Complete(r) +} + +func RegisterSetup(gk schema.GroupKind, fn SetupFn) { + mu.Lock() + defer mu.Unlock() + + setupFns[gk] = fn +} diff --git a/vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go b/vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go index cab174972..63052359d 100644 --- a/vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go +++ b/vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go @@ -109,3 +109,23 @@ func WaitForCRDReady(client crd_cs.Interface, crds []*CustomResourceDefinition) }) return errors.Wrap(err, "timed out waiting for CRD") } + +func RemoveCRDs(client crd_cs.Interface, crds []*CustomResourceDefinition) error { + for _, crd := range crds { + // Use crd v1 for k8s >= 1.16, if available + // ref: https://github.com/kubernetes/kubernetes/issues/91395 + if crd.V1 == nil { + gvr := schema.GroupVersionResource{ + Group: crd.V1beta1.Spec.Group, + Version: crd.V1beta1.Spec.Versions[0].Name, + Resource: crd.V1beta1.Spec.Names.Plural, + } + return fmt.Errorf("missing V1 definition for %s", gvr) + } + err := client.ApiextensionsV1().CustomResourceDefinitions().Delete(context.TODO(), crd.V1.Name, metav1.DeleteOptions{}) + if err != nil && !kerr.IsNotFound(err) { + return err + } + } + return nil +} diff --git a/vendor/kmodules.xyz/client-go/meta/preconditions.go b/vendor/kmodules.xyz/client-go/meta/preconditions.go index 0f7d914be..5a5f597a5 100644 --- a/vendor/kmodules.xyz/client-go/meta/preconditions.go +++ b/vendor/kmodules.xyz/client-go/meta/preconditions.go @@ -25,7 +25,7 @@ import ( ) type PreConditionSet struct { - sets.String + sets.Set[string] } func (s PreConditionSet) PreconditionFunc() []mergepatch.PreconditionFunc { @@ -36,7 +36,7 @@ func (s PreConditionSet) PreconditionFunc() []mergepatch.PreconditionFunc { mergepatch.RequireMetadataKeyUnchanged("namespace"), } - for _, field := range s.List() { + for _, field := range sets.List[string](s.Set) { preconditions = append(preconditions, RequireChainKeyUnchanged(field), ) @@ -45,7 +45,7 @@ func (s PreConditionSet) PreconditionFunc() []mergepatch.PreconditionFunc { } func (s PreConditionSet) Error() error { - strList := strings.Join(s.List(), "\n\t") + strList := strings.Join(sets.List[string](s.Set), "\n\t") return fmt.Errorf(strings.Join([]string{`At least one of the following was changed: apiVersion kind diff --git a/vendor/modules.txt b/vendor/modules.txt index f62bf71f1..794a4cab2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -693,7 +693,7 @@ k8s.io/utils/trace # kmodules.xyz/apiversion v0.2.0 ## explicit; go 1.14 kmodules.xyz/apiversion -# kmodules.xyz/client-go v0.29.4 +# kmodules.xyz/client-go v0.29.6 ## explicit; go 1.21.5 kmodules.xyz/client-go kmodules.xyz/client-go/api/v1