From 74659807bf2ad7772efc304fe11ac05c9c29ebca Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Wed, 10 Jan 2024 17:27:47 -0800 Subject: [PATCH] Cleanup BackupStorage api Signed-off-by: Tamal Saha --- go.mod | 4 +- go.sum | 8 +- pkg/clone_pvc.go | 54 +- .../client-go/apiextensions/controller.go | 87 + .../client-go/apiextensions/kubernetes.go | 20 + .../client-go/meta/preconditions.go | 6 +- .../addons/v1alpha1/zz_generated.deepcopy.go | 1 - .../config/v1alpha1/zz_generated.deepcopy.go | 1 - .../apimachinery/apis/constant.go | 14 +- .../core/v1alpha1/zz_generated.deepcopy.go | 1 - .../storage/v1alpha1/backupstorage_webhook.go | 26 +- .../apis/storage/v1alpha1/types.go | 46 +- .../storage/v1alpha1/zz_generated.deepcopy.go | 61 - .../apis/zz_generated.deepcopy.go | 1 - .../crds/addons.kubestash.com_addons.yaml | 636 ++- .../crds/addons.kubestash.com_functions.yaml | 85 +- .../core.kubestash.com_backupbatches.yaml | 4196 +++++++++++++-- .../core.kubestash.com_backupblueprints.yaml | 4491 ++++++++++++++--- ...re.kubestash.com_backupconfigurations.yaml | 3951 +++++++++++++-- .../core.kubestash.com_hooktemplates.yaml | 214 +- .../core.kubestash.com_restoresessions.yaml | 3158 ++++++++++-- .../storage.kubestash.com_backupstorages.yaml | 586 ++- .../apimachinery/pkg/restic/setup.go | 6 +- vendor/modules.txt | 4 +- 24 files changed, 15164 insertions(+), 2493 deletions(-) create mode 100644 vendor/kmodules.xyz/client-go/apiextensions/controller.go diff --git a/go.mod b/go.mod index 13d96987..2067a011 100644 --- a/go.mod +++ b/go.mod @@ -19,9 +19,9 @@ require ( k8s.io/klog/v2 v2.110.1 k8s.io/kubectl v0.29.0 k8s.io/utils v0.0.0-20230726121419-3b25d923346b - kmodules.xyz/client-go v0.29.4 + kmodules.xyz/client-go v0.29.6 kmodules.xyz/offshoot-api v0.29.0 - kubestash.dev/apimachinery v0.3.1-0.20231231034418-cc46ddfd674a + kubestash.dev/apimachinery v0.3.1-0.20240111011911-c3c3817fcf7c sigs.k8s.io/controller-runtime v0.16.3 ) 
diff --git a/go.sum b/go.sum
index 5d754445..35852bc0 100644
--- a/go.sum
+++ b/go.sum
@@ -729,16 +729,16 @@ k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs=
 k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-kmodules.xyz/client-go v0.29.4 h1:WW4vlYtzLc9JXrJjcFuJO4DX/kIZ5ia7QtDyhNDUwfI=
-kmodules.xyz/client-go v0.29.4/go.mod h1:xWlS/1zWkx1sIKCAkzULy9570mHZYi2exDECEoP1ek4=
+kmodules.xyz/client-go v0.29.6 h1:xTVq5LZvsPBUTLY7PORq7zveLOj/vpuTDvkpHWOk3RM=
+kmodules.xyz/client-go v0.29.6/go.mod h1:pHuzpwzEcDUIGjVVvwz9N8lY+6A7HXwvs2d7NtK7Hho=
 kmodules.xyz/objectstore-api v0.29.0 h1:dK53fQXdoboyW/EyBBAMjykT8u7jstKrM1DS4RJvhEU=
 kmodules.xyz/objectstore-api v0.29.0/go.mod h1:Kxmv6F7Kd/7EoKX3X2xIzhHT++zlj2qdXLcp/8avUYI=
 kmodules.xyz/offshoot-api v0.29.0 h1:GHLhxxT9jU1N8+FvOCCeJNyU5g0duYS46UGrs6AHNLY=
 kmodules.xyz/offshoot-api v0.29.0/go.mod h1:5NxhBblXoDHWStx9HCDJR2KFTwYjEZ7i1Id3jelIunw=
 kmodules.xyz/prober v0.29.0 h1:Ex7m4F9rH7uWNNJlLgP63ROOM+nUATJkC2L5OQ7nwMg=
 kmodules.xyz/prober v0.29.0/go.mod h1:UtK+HKyI1lFLEKX+HFLyOCVju6TO93zv3kwGpzqmKOo=
-kubestash.dev/apimachinery v0.3.1-0.20231231034418-cc46ddfd674a h1:zkRd7mpfFk2QtGKefGxZqpczy909KJCk4iPu9WOwCKU=
-kubestash.dev/apimachinery v0.3.1-0.20231231034418-cc46ddfd674a/go.mod h1:ImhcNxJIdObtmm1jPeOnvK9TrwS7bXqNa8I4Um/Vf1A=
+kubestash.dev/apimachinery v0.3.1-0.20240111011911-c3c3817fcf7c h1:Ec4XNFVWyq/cTOH7sOmLj1IBK8spyrJnUKPdxZuV2Jo=
+kubestash.dev/apimachinery v0.3.1-0.20240111011911-c3c3817fcf7c/go.mod h1:mqOML23d9Hm2kSyzlRy6Gr69RGEUaOCTWYl2egklac8=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
diff --git a/pkg/clone_pvc.go b/pkg/clone_pvc.go index 7c6bbd94..0c9a8433 100644 --- a/pkg/clone_pvc.go +++ b/pkg/clone_pvc.go @@ -173,7 +173,7 @@ func (opt *storageOption) getBackendInfo() storageapi.Backend { Bucket: opt.bucket, Prefix: opt.prefix, MaxConnections: opt.maxConnections, - Secret: opt.storageSecret, + SecretName: opt.storageSecret, }, } case string(storageapi.ProviderAzure): @@ -183,39 +183,41 @@ func (opt *storageOption) getBackendInfo() storageapi.Backend { Container: opt.bucket, Prefix: opt.prefix, MaxConnections: opt.maxConnections, - Secret: opt.storageSecret, + SecretName: opt.storageSecret, }, } case string(storageapi.ProviderS3): backend = storageapi.Backend{ Provider: storageapi.ProviderS3, S3: &storageapi.S3Spec{ - Bucket: opt.bucket, - Prefix: opt.prefix, - Endpoint: opt.endpoint, - Region: opt.region, - Secret: opt.storageSecret, - }, - } - case string(storageapi.ProviderB2): - backend = storageapi.Backend{ - Provider: storageapi.ProviderB2, - B2: &storageapi.B2Spec{ - Bucket: opt.bucket, - Prefix: opt.prefix, - MaxConnections: opt.maxConnections, - Secret: opt.storageSecret, - }, - } - case string(storageapi.ProviderSwift): - backend = storageapi.Backend{ - Provider: storageapi.ProviderSwift, - Swift: &storageapi.SwiftSpec{ - Container: opt.bucket, - Prefix: opt.prefix, - Secret: opt.storageSecret, + Bucket: opt.bucket, + Prefix: opt.prefix, + Endpoint: opt.endpoint, + Region: opt.region, + SecretName: opt.storageSecret, }, } + /* + case string(storageapi.ProviderB2): + backend = storageapi.Backend{ + Provider: storageapi.ProviderB2, + B2: &storageapi.B2Spec{ + Bucket: opt.bucket, + Prefix: opt.prefix, + MaxConnections: opt.maxConnections, + Secret: opt.storageSecret, + }, + } + case string(storageapi.ProviderSwift): + backend = storageapi.Backend{ + Provider: storageapi.ProviderSwift, + Swift: &storageapi.SwiftSpec{ + Container: opt.bucket, + Prefix: opt.prefix, + Secret: opt.storageSecret, + }, + } + */ } return backend 
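Review bot: After this change a provider value of `b2` or `swift` matches no case in the switch of getBackendInfo (second hunk), so the function returns the zero-value `storageapi.Backend` with no provider, bucket or secret reference and no error; no `default` branch is visible before `return backend`. If those providers are intentionally unsupported now, the provider option should be rejected before this point, or the switch should end with a branch such as `default: // unsupported provider: caller must reject an empty Backend`, so that an empty backend does not flow silently into the created storage object. The disabled cases would be better deleted than kept in a `/* … */` block: they still assign `Secret:`, which this commit renames to `SecretName`, and they reference `B2Spec`/`SwiftSpec`, which the vendored types.go in the same commit comments out, so the block would not build if re-enabled. The function begins above the first hunk, so earlier cases and any validation there are outside what is shown.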
diff --git a/vendor/kmodules.xyz/client-go/apiextensions/controller.go b/vendor/kmodules.xyz/client-go/apiextensions/controller.go
new file mode 100644
index 00000000..94425010
--- /dev/null
+++ b/vendor/kmodules.xyz/client-go/apiextensions/controller.go
@@ -0,0 +1,87 @@ +/* +Copyright AppsCode Inc. and Contributors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package apiextensions + +import ( + "context" + "sync" + + apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" +) + +type SetupFn func(ctx context.Context, mgr ctrl.Manager) + +var setupFns = map[schema.GroupKind]SetupFn{ + // schema.GroupKind{"compute.gcp.kubedb.com", "Firewall"}: firewall.Setup, +} + +var ( + setupDone = map[schema.GroupKind]bool{} + mu sync.Mutex +) + +type Reconciler struct { + ctx context.Context + mgr ctrl.Manager +} + +func NewReconciler(ctx context.Context, mgr ctrl.Manager) *Reconciler { + return &Reconciler{ctx: ctx, mgr: mgr} +} + +func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + log := log.FromContext(ctx) + var crd apiextensions.CustomResourceDefinition + if err := r.mgr.GetClient().Get(ctx, req.NamespacedName, &crd); err != nil { + log.Error(err, "unable to fetch CustomResourceDefinition") + return ctrl.Result{}, client.IgnoreNotFound(err) + } + + gk := schema.GroupKind{ + Group: crd.Spec.Group, + Kind: crd.Spec.Names.Kind, + } + mu.Lock() + defer mu.Unlock() + _, found := setupDone[gk] + if found { + return ctrl.Result{}, nil + } + setup, found := setupFns[gk] + if found { + setup(r.ctx, r.mgr) + 
setupDone[gk] = true + } + return ctrl.Result{}, nil +} + +func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&apiextensions.CustomResourceDefinition{}). + Complete(r) +} + +func RegisterSetup(gk schema.GroupKind, fn SetupFn) { + mu.Lock() + defer mu.Unlock() + + setupFns[gk] = fn +} diff --git a/vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go b/vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go index cab17497..63052359 100644 --- a/vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go +++ b/vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go @@ -109,3 +109,23 @@ func WaitForCRDReady(client crd_cs.Interface, crds []*CustomResourceDefinition) }) return errors.Wrap(err, "timed out waiting for CRD") } + +func RemoveCRDs(client crd_cs.Interface, crds []*CustomResourceDefinition) error { + for _, crd := range crds { + // Use crd v1 for k8s >= 1.16, if available + // ref: https://github.com/kubernetes/kubernetes/issues/91395 + if crd.V1 == nil { + gvr := schema.GroupVersionResource{ + Group: crd.V1beta1.Spec.Group, + Version: crd.V1beta1.Spec.Versions[0].Name, + Resource: crd.V1beta1.Spec.Names.Plural, + } + return fmt.Errorf("missing V1 definition for %s", gvr) + } + err := client.ApiextensionsV1().CustomResourceDefinitions().Delete(context.TODO(), crd.V1.Name, metav1.DeleteOptions{}) + if err != nil && !kerr.IsNotFound(err) { + return err + } + } + return nil +} diff --git a/vendor/kmodules.xyz/client-go/meta/preconditions.go b/vendor/kmodules.xyz/client-go/meta/preconditions.go index 0f7d914b..5a5f597a 100644 --- a/vendor/kmodules.xyz/client-go/meta/preconditions.go +++ b/vendor/kmodules.xyz/client-go/meta/preconditions.go @@ -25,7 +25,7 @@ import ( ) type PreConditionSet struct { - sets.String + sets.Set[string] } func (s PreConditionSet) PreconditionFunc() []mergepatch.PreconditionFunc { 
@@ -36,7 +36,7 @@ func (s PreConditionSet) PreconditionFunc() []mergepatch.PreconditionFunc { mergepatch.RequireMetadataKeyUnchanged("namespace"), } - for _, field := range s.List() { + for _, field := range sets.List[string](s.Set) { preconditions = append(preconditions, RequireChainKeyUnchanged(field), ) @@ -45,7 +45,7 @@ func (s PreConditionSet) PreconditionFunc() []mergepatch.PreconditionFunc { } func (s PreConditionSet) Error() error { - strList := strings.Join(s.List(), "\n\t") + strList := strings.Join(sets.List[string](s.Set), "\n\t") return fmt.Errorf(strings.Join([]string{`At least one of the following was changed: apiVersion kind diff --git a/vendor/kubestash.dev/apimachinery/apis/addons/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/addons/v1alpha1/zz_generated.deepcopy.go index 970e34a2..9c81f70b 100644 --- a/vendor/kubestash.dev/apimachinery/apis/addons/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/addons/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright AppsCode Inc. and Contributors diff --git a/vendor/kubestash.dev/apimachinery/apis/config/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/config/v1alpha1/zz_generated.deepcopy.go index cb7105df..3ef4a956 100644 --- a/vendor/kubestash.dev/apimachinery/apis/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/config/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright AppsCode Inc. and Contributors diff --git a/vendor/kubestash.dev/apimachinery/apis/constant.go b/vendor/kubestash.dev/apimachinery/apis/constant.go index 25c89934..4a6cb4b0 100644 --- a/vendor/kubestash.dev/apimachinery/apis/constant.go +++ b/vendor/kubestash.dev/apimachinery/apis/constant.go 
@@ -130,13 +130,13 @@ const ( ) const ( - ComponentPod = "pod" - ComponentDeployment = "deployment" - ComponentPVC = "pvc" - ComponentDump = "dump" - ComponentWal = "wal" - ComponentManifests = "manifests" - ComponentVolumeSnapshots = "volumesnapshots" + ComponentPod = "pod" + ComponentDeployment = "deployment" + ComponentPVC = "pvc" + ComponentDump = "dump" + ComponentWal = "wal" + ComponentManifest = "manifest" + ComponentVolumeSnapshot = "volumesnapshot" ) const ( diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go index 85e3c5f3..9df1be76 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright AppsCode Inc. and Contributors diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/backupstorage_webhook.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/backupstorage_webhook.go index 1f603dbc..fdfc3dd3 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/backupstorage_webhook.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/backupstorage_webhook.go 
@@ -199,19 +199,19 @@ func (r *BackupStorage) isPointToSameDir(bs BackupStorage) bool { return true } return false - case ProviderB2: - if r.Spec.Storage.B2.Bucket == bs.Spec.Storage.B2.Bucket && - r.Spec.Storage.B2.Prefix == bs.Spec.Storage.B2.Prefix { - return true - } - return false - case ProviderSwift: - // TODO: check for account - if r.Spec.Storage.Swift.Container == bs.Spec.Storage.Swift.Container && - r.Spec.Storage.Swift.Prefix == bs.Spec.Storage.Swift.Prefix { - return true - } - return false + //case ProviderB2: + // if r.Spec.Storage.B2.Bucket == bs.Spec.Storage.B2.Bucket && + // r.Spec.Storage.B2.Prefix == bs.Spec.Storage.B2.Prefix { + // return true + // } + // return false + //case ProviderSwift: + // // TODO: check for account + // if r.Spec.Storage.Swift.Container == bs.Spec.Storage.Swift.Container && + // r.Spec.Storage.Swift.Prefix == bs.Spec.Storage.Swift.Prefix { + // return true + // } + // return false default: return false } diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go index c07fba5a..86230705 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types.go @@ -36,9 +36,9 @@ const ( ProviderS3 StorageProvider = "s3" ProviderGCS StorageProvider = "gcs" ProviderAzure StorageProvider = "azure" - ProviderSwift StorageProvider = "swift" - ProviderB2 StorageProvider = "b2" - ProviderRest StorageProvider = "rest" + //ProviderSwift StorageProvider = "swift" + //ProviderB2 StorageProvider = "b2" + //ProviderRest StorageProvider = "rest" ) type Backend struct { 
@@ -61,17 +61,19 @@ type Backend struct { // +optional Azure *AzureSpec `json:"azure,omitempty"` - // Swift specifies the storage information for Swift container - // +optional - Swift *SwiftSpec `json:"swift,omitempty"` + /* + // Swift specifies the storage information for Swift container + // +optional + Swift *SwiftSpec `json:"swift,omitempty"` - // B2 specifies the storage information for B2 bucket - // +optional - B2 *B2Spec `json:"b2,omitempty"` + // B2 specifies the storage information for B2 bucket + // +optional + B2 *B2Spec `json:"b2,omitempty"` - // Rest specifies the storage information for rest storage server - // +optional - Rest *RestServerSpec `json:"rest,omitempty"` + // Rest specifies the storage information for rest storage server + // +optional + Rest *RestServerSpec `json:"rest,omitempty"` + */ } type LocalSpec struct { @@ -102,9 +104,9 @@ type S3Spec struct { // +optional Region string `json:"region,omitempty"` - // Secret specifies the name of the Secret that contains the access credential for this storage. + // SecretName specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } type GCSSpec struct { @@ -118,9 +120,9 @@ type GCSSpec struct { // +optional MaxConnections int64 `json:"maxConnections,omitempty"` - // Secret specifies the name of the Secret that contains the access credential for this storage. + // SecretName specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } type AzureSpec struct { 
@@ -137,11 +139,12 @@ type AzureSpec struct { // +optional MaxConnections int64 `json:"maxConnections,omitempty"` - // Secret specifies the name of the Secret that contains the access credential for this storage. + // SecretName specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } +/* type SwiftSpec struct { // Container specifies the name of the Swift container that will be used as storage backend. Container string `json:"container,omitempty"` @@ -151,7 +154,7 @@ type SwiftSpec struct { // Secret specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } type B2Spec struct { @@ -167,7 +170,7 @@ type B2Spec struct { // Secret specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } type RestServerSpec struct { @@ -176,5 +179,6 @@ type RestServerSpec struct { // Secret specifies the name of the Secret that contains the access credential for this storage. // +optional - Secret string `json:"secret,omitempty"` + SecretName string `json:"secretName,omitempty"` } +*/ diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go index 0005004d..117a5ffa 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright AppsCode Inc. and Contributors 
@@ -42,21 +41,6 @@ func (in *AzureSpec) DeepCopy() *AzureSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *B2Spec) DeepCopyInto(out *B2Spec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new B2Spec. -func (in *B2Spec) DeepCopy() *B2Spec { - if in == nil { - return nil - } - out := new(B2Spec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backend) DeepCopyInto(out *Backend) { *out = *in @@ -80,21 +64,6 @@ func (in *Backend) DeepCopyInto(out *Backend) { *out = new(AzureSpec) **out = **in } - if in.Swift != nil { - in, out := &in.Swift, &out.Swift - *out = new(SwiftSpec) - **out = **in - } - if in.B2 != nil { - in, out := &in.B2, &out.B2 - *out = new(B2Spec) - **out = **in - } - if in.Rest != nil { - in, out := &in.Rest, &out.Rest - *out = new(RestServerSpec) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backend. @@ -474,21 +443,6 @@ func (in *RepositoryStatus) DeepCopy() *RepositoryStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RestServerSpec) DeepCopyInto(out *RestServerSpec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestServerSpec. -func (in *RestServerSpec) DeepCopy() *RestServerSpec { - if in == nil { - return nil - } - out := new(RestServerSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResticStats) DeepCopyInto(out *ResticStats) { *out = *in 
@@ -788,21 +742,6 @@ func (in *SuccessfulSnapshotsKeepPolicy) DeepCopy() *SuccessfulSnapshotsKeepPoli return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SwiftSpec) DeepCopyInto(out *SwiftSpec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SwiftSpec. -func (in *SwiftSpec) DeepCopy() *SwiftSpec { - if in == nil { - return nil - } - out := new(SwiftSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumeSnapshotterStats) DeepCopyInto(out *VolumeSnapshotterStats) { *out = *in diff --git a/vendor/kubestash.dev/apimachinery/apis/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/zz_generated.deepcopy.go index 6ee74efd..40d4e350 100644 --- a/vendor/kubestash.dev/apimachinery/apis/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright AppsCode Inc. and Contributors diff --git a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml index 5cba0765..bd899cfb 100644 --- a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_addons.yaml 
@@ -659,7 +659,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -830,11 +830,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -868,10 +868,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -898,33 +902,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. 
* While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -942,11 +954,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -982,7 +1006,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -1048,6 +1073,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. 
@@ -1426,6 +1479,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -2098,11 +2263,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -2135,10 +2300,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will - always have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for 
@@ -2165,30 +2333,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as such if both + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is - non-empty. There are two important differences - between DataSource and DataSourceRef: * - While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a - disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled.' + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. 
(Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -2206,11 +2383,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -2243,7 +2430,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -2304,6 +2492,30 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass + used by this claim. If specified, the CSI + driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can be + changed after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to + a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value @@ -2964,7 +3176,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -3135,11 +3347,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3173,10 +3385,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -3203,33 +3419,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. 
* While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -3247,11 +3471,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -3287,7 +3523,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -3353,6 +3590,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. 
@@ -3731,6 +3996,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -4403,11 +4780,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -4440,10 +4817,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will - always have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for 
@@ -4470,30 +4850,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as such if both + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is - non-empty. There are two important differences - between DataSource and DataSourceRef: * - While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a - disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled.' + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. 
(Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -4511,11 +4900,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -4548,7 +4947,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -4609,6 +5009,30 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass + used by this claim. If specified, the CSI + driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can be + changed after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to + a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value diff --git a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml index 49dd0872..1237371a 100644 --- a/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/addons.kubestash.com_functions.yaml 
@@ -331,7 +331,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -359,6 +361,17 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -426,7 +439,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -454,6 +469,17 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. @@ -506,8 +532,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number must 
@@ -539,7 +563,9 @@ spec: be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be + canonicalized upon output, so case-variant names + will be understood as the same header. type: string value: description: The header field value @@ -665,8 +691,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number must @@ -698,7 +722,9 @@ spec: be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be + canonicalized upon output, so case-variant names + will be understood as the same header. type: string value: description: The header field value @@ -790,6 +816,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -810,7 +858,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -931,7 +980,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT + be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -963,15 +1013,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components that - enable the WindowsHostProcessContainers feature flag. - Setting this field without the feature flag will result - in errors when validating the Pod. All of a Pod's containers - must have the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint 
diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml index d4b99793..3d6063dc 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupbatches.yaml @@ -447,7 +447,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -480,6 +484,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -568,7 +585,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -601,6 +622,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -664,9 +698,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC 
@@ -705,7 +737,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -853,9 +888,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -894,7 +927,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -1002,6 +1038,32 @@ spec: container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -1025,7 +1087,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1170,8 +1233,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -1212,18 +1276,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -1583,7 +1641,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -1660,6 +1720,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -1826,7 +1952,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -1895,6 +2023,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -2049,7 +2237,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -2126,6 +2316,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -2292,7 +2548,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -2361,6 +2619,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -2715,8 +3033,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -2735,8 +3054,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -2793,18 +3119,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean 
@@ -2960,7 +3280,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -2968,10 +3288,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -3055,8 +3382,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -3070,8 +3397,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -3782,7 +4109,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3975,11 +4302,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -4016,10 +4343,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the 
@@ -4048,35 +4379,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. 
* While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -4096,11 +4437,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -4139,7 +4494,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -4213,6 +4569,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -4623,6 +5008,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -5587,7 +6099,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -5620,6 +6136,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -5708,7 +6237,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -5741,6 +6274,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -5804,9 +6350,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -5845,7 +6389,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -5993,9 +6540,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC 
@@ -6034,7 +6579,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -6142,6 +6690,32 @@ spec: container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6165,7 +6739,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -6310,8 +6885,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which 
@@ -6352,18 +6928,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -6723,7 +7293,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -6800,6 +7372,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -6966,7 +7604,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -7035,6 +7675,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -7189,7 +7889,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -7266,6 +7968,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -7432,7 +8200,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -7501,6 +8271,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -7855,8 +8685,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -7875,8 +8706,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -7933,18 +8771,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean 
@@ -8100,7 +8932,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -8108,10 +8940,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -8195,8 +9034,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -8210,8 +9049,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -8922,7 +9761,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -9115,11 +9954,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -9156,10 +9995,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the 
@@ -9188,35 +10031,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. 
* While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -9236,11 +10089,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -9279,7 +10146,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -9353,6 +10221,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -9763,6 +10660,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -10900,7 +11924,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -10973,6 +11999,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -11132,7 +12219,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -11200,6 +12289,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -11350,7 +12494,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -11423,6 +12569,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -11582,7 +12789,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -11650,6 +12859,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -11918,8 +13182,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -11959,18 +13224,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -12544,7 +13805,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -12577,6 +13842,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler 
@@ -12671,7 +13949,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -12704,6 +13986,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12770,9 +14065,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -12813,7 +14106,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13023,9 +14320,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -13066,7 +14361,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -13175,11 +14474,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -13204,9 +14554,38 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -13367,7 +14746,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which 
@@ -13411,20 +14792,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -13485,9 +14860,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -13528,7 +14901,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13835,7 +15212,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field 
@@ -13866,6 +15246,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13953,7 +15346,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -13984,6 +15380,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -14048,9 +15457,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -14089,7 +15496,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -14257,9 +15667,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC 
@@ -14298,7 +15706,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -14402,6 +15813,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -14425,7 +15862,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -14557,8 +15995,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind 
@@ -14577,8 +16016,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -14633,18 +16079,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows 
@@ -14813,18 +16255,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -14905,8 +16354,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -14919,8 +16368,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -15535,7 +16984,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -15760,12 +17209,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -15805,11 +17254,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -15842,9 +17297,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the 
@@ -15853,31 +17308,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -15900,11 +17368,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -15946,7 +17429,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -16031,6 +17516,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -16473,6 +17993,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -17501,7 +19168,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field 
@@ -17532,6 +19202,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -17616,7 +19299,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -17647,6 +19333,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -17708,8 +19407,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -17743,7 +19441,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -17886,8 +19588,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. 
@@ -17921,7 +19622,11 @@ spec: custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. type: string value: description: The header field value @@ -18024,6 +19729,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -18047,7 +19777,8 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: 
@@ -18187,8 +19918,8 @@ spec: preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind @@ -18228,18 +19959,13 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + Process' container. All of a Pod's containers + must have the same effective HostProcess + value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess + is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -18651,7 +20377,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -18728,6 +20456,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -18894,7 +20688,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -18963,6 +20759,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -19117,7 +20973,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -19194,6 +21052,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -19360,7 +21284,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -19429,6 +21355,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -19702,8 +21688,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -19744,18 +21731,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -20349,7 +22330,12 @@ spec: properties: name: description: The header - field name + field name. This + will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The header @@ -20383,6 +22369,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler 
@@ -20481,7 +22482,12 @@ spec: properties: name: description: The header - field name + field name. This + will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The header @@ -20515,6 +22521,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -20585,9 +22606,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -20628,7 +22647,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -20847,9 +22870,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -20890,7 +22911,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -21003,11 +23028,65 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy + for the container. + items: + description: ContainerResizePolicy + represents resource resize policy + for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to + apply when specified resource + is resized. If not specified, + it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is + immutable. It can only be set + for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in + pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -21033,9 +23112,41 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines + the restart behavior of individual + containers in a pod. This field may + only be set for init containers, and + the only allowed value is "Always". + For non-init containers or when this + field is not specified, the restart + behavior is defined by the Pod''s + restart policy and the container type. + Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have + terminated. Once all regular containers + have completed, all init containers + with restartPolicy "Always" will be + shut down. This lifecycle differs + from normal init containers and is + often referred to as a "sidecar" container. + Although this init container still + starts in the init container sequence, + it does not wait for the container + to complete before proceeding to the + next init container. Instead, the + next init container starts immediately + after this init container is started, + or after any startupProbe has successfully + completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container @@ -21204,8 +23315,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set - if type is "Localhost". + location. Must be set if type + is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates 
@@ -21251,20 +23363,12 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level - and will only be honored by - components that enable the - WindowsHostProcessContainers - feature flag. Setting this - field without the feature - flag will result in errors - when validating the Pod. All - of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess + All of a Pod's containers + must have the same effective + HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. @@ -21331,9 +23435,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is - a beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of @@ -21374,7 +23476,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -21695,7 +23801,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -21728,6 +23838,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler 
@@ -21816,7 +23939,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -21849,6 +23976,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -21915,9 +24055,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -21956,7 +24094,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -22129,9 +24270,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -22170,7 +24309,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field 
@@ -22277,6 +24419,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -22300,7 +24468,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -22435,8 +24604,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which 
@@ -22455,8 +24625,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -22513,18 +24690,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -22701,7 +24872,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values 
@@ -22709,10 +24880,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -22796,8 +24974,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -22811,8 +24989,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -23442,7 +25620,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -23681,12 +25859,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -23727,11 +25905,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -23766,10 +25951,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the 
@@ -23778,35 +25963,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup 
@@ -23830,11 +26029,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -23880,8 +26096,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -23970,6 +26187,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume 
@@ -24424,6 +26680,164 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data @@ -25753,7 +28167,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -26006,12 +28420,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -26055,12 +28469,17 @@ spec: create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource + source. When the AnyVolumeDataSource feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef - field.' + dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If + the namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -26097,10 +28516,10 @@ spec: the volume with data, if a non-empty volume is desired. This may - be any local object - from a non-empty API - group (non core object) - or a PersistentVolumeClaim + be any object from a + non-empty API group + (non core object) or + a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed 
@@ -26110,35 +28529,49 @@ spec: or dynamic provisioner. This field will replace the functionality of - the DataSource field + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both - fields (DataSource and - DataSourceRef) will + compatibility, when + namespace isn''t specified + in dataSourceRef, both + fields (dataSource and + dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important differences between - DataSource and DataSourceRef: - * While DataSource only + dataSource and dataSourceRef: + * While dataSource only allows two specific - types of objects, DataSourceRef + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) - Using this field requires + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -26164,11 +28597,32 @@ spec: is the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace + of resource being + referenced Note + that when a namespace + is specified, a + gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent + namespace to allow + that namespace's + owner to accept + the reference. See + the ReferenceGrant + documentation for + details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to + be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -26215,8 +28669,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests + cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -26313,6 +28768,47 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. + If specified, the CSI + driver will create or + update the volume with + the attributes defined + in the corresponding + VolumeAttributesClass. + This has a different + purpose than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not + allowed to reset this + field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this + PersistentVolumeClaim + will be set to a Pending + state, as reflected + by the modifyVolumeStatus + field, until such as + a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of 
@@ -26774,6 +29270,176 @@ spec: may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access + the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated + by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be + selected by name, or by + the combination of signer + name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM + contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The + ordering of certificates + within the file is arbitrary, + and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select + all ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set + but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A + label selector + requirement + is a selector + that contains + values, a key, + and an operator + that relates + the key and + values. + properties: + key: + description: key + is the label + key that + the selector + applies + to. + type: string + operator: + description: operator + represents + a key's + relationship + to a set + of values. + Valid operators + are In, + NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string + values. + If the operator + is In or + NotIn, the + values array + must be + non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. 
+ This array + is replaced + during a + strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in + the matchLabels + map is equivalent + to an element + of matchExpressions, + whose key field + is "key", the + operator is "In", + and the values + array contains + only "value". + The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select + a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced + ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to + exist. If using signerName, + then the combination + of signerName and + labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the + bundle. + type: string + signerName: + description: Select + all ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data @@ -27698,12 +30364,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -27743,11 +30409,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -27780,9 +30452,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the 
@@ -27791,31 +30463,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -27838,11 +30523,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -27884,7 +30584,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -27969,6 +30671,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -28198,11 +30935,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -28237,10 +30974,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -28270,7 +31012,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, 
@@ -28280,28 +31022,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -28322,11 +31075,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -28365,7 +31132,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -28445,6 +31213,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -28472,6 +31272,80 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller + receives persistentvolume + claim update with ClaimResourceStatus + for a resource that it does + not recognizes, then it should + ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being + resized for the given PVC. Key + names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: + - storage - the capacity of + the volume. * Custom resources + must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have + kubernetes.io prefix are considered + reserved and hence may not be + used. \n ClaimResourceStatus + can be in any of following states: + - ControllerResizeInProgress: + State set when resize controller + starts resizing the volume in + control-plane. - ControllerResizeFailed: + State set when resize has failed + in resize controller with a + terminal error. - NodeResizePending: + State set when resize controller + has finished resizing the volume + but further resizing of volume + is needed on the node. - NodeResizeInProgress: + State set when kubelet starts + resizing the volume. - NodeResizeFailed: + State set when resizing has + failed in kubelet with a terminal + error. Transient errors don't + set NodeResizeFailed. 
For example: + if expanding a PVC for more + capacity - this field can be + one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" + - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - + pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When + this field is not set, it means + that no resize operation is + in progress for the given PVC. + \n A controller that receives + PVC update with previously unknown + resourceName or ClaimResourceStatus + should ignore the update for + the purpose it was designed. + For example - a controller that + only is responsible for resizing + capacity of the volume, should + ignore PVC updates that change + other valid resources associated + with PVC. \n This is an alpha + field and requires enabling + RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -28479,11 +31353,22 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources - is the storage resource within - AllocatedResources tracks the - capacity allocated to a PVC. - It may be larger than the actual + description: "allocatedResources + tracks the resources allocated + to a PVC including its capacity. + Key names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: + - storage - the capacity of + the volume. * Custom resources + must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have + kubernetes.io prefix are considered + reserved and hence may not be + used. \n Capacity reported here + may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value @@ -28498,9 +31383,19 @@ spec: no expansion operations in progress and if the actual volume capacity is equal or lower than the requested - capacity. This is an alpha field + capacity. \n A controller that + receives PVC update with previously + unknown resourceName should + ignore the update for the purpose + it was designed. For example + - a controller that only is + responsible for resizing capacity + of the volume, should ignore + PVC updates that change other + valid resources associated with + PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. + feature." type: object capacity: additionalProperties: @@ -28522,7 +31417,7 @@ spec: to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state + contains details about state of pvc properties: lastProbeTime: 
@@ -28567,22 +31462,63 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, + there is no VolumeAttributeClass + applied to this PersistentVolumeClaim + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus + represents the status object + of ControllerModifyVolume operation. + When this is unset, there is + no ModifyVolume operation being + attempted. This is an alpha + field and requires enabling + VolumeAttributesClass feature. + properties: + status: + description: 'status is the + status of the ControllerModifyVolume + operation. It can be in + any of following states: + - Pending Pending indicates + that the PersistentVolumeClaim + cannot be modified due to + unmet requirements, such + as the specified VolumeAttributesClass + not existing. - InProgress + InProgress indicates that + the volume is being modified. + - Infeasible Infeasible + indicates that the request + has been rejected as invalid + by the CSI driver. To resolve + the error, a valid VolumeAttributesClass + needs to be specified. Note: + New statuses can be added + in the future. Consumers + should check for unknown + statuses and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being + reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores - status of resize operation. - ResizeStatus is not set by default - but when expansion is complete - resizeStatus is set to empty - string by resize controller - or kubelet. 
This is an alpha - field and requires enabling - RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -29182,7 +32118,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -29435,12 +32371,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -29484,12 +32420,17 @@ spec: create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource + source. When the AnyVolumeDataSource feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef - field.' + dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If + the namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup 
@@ -29526,10 +32467,10 @@ spec: the volume with data, if a non-empty volume is desired. This may - be any local object - from a non-empty API - group (non core object) - or a PersistentVolumeClaim + be any object from a + non-empty API group + (non core object) or + a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed @@ -29539,35 +32480,49 @@ spec: or dynamic provisioner. This field will replace the functionality of - the DataSource field + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both - fields (DataSource and - DataSourceRef) will + compatibility, when + namespace isn''t specified + in dataSourceRef, both + fields (dataSource and + dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important differences between - DataSource and DataSourceRef: - * While DataSource only + dataSource and dataSourceRef: + * While dataSource only allows two specific - types of objects, DataSourceRef + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) - Using this field requires + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -29593,11 +32548,32 @@ spec: is the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace + of resource being + referenced Note + that when a namespace + is specified, a + gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent + namespace to allow + that namespace's + owner to accept + the reference. See + the ReferenceGrant + documentation for + details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to + be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -29644,8 +32620,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests + cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -29742,6 +32719,47 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. + If specified, the CSI + driver will create or + update the volume with + the attributes defined + in the corresponding + VolumeAttributesClass. + This has a different + purpose than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not + allowed to reset this + field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this + PersistentVolumeClaim + will be set to a Pending + state, as reflected + by the modifyVolumeStatus + field, until such as + a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of 
@@ -30208,6 +33226,176 @@ spec: may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access + the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated + by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be + selected by name, or by + the combination of signer + name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM + contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The + ordering of certificates + within the file is arbitrary, + and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select + all ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set + but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A + label selector + requirement + is a selector + that contains + values, a key, + and an operator + that relates + the key and + values. + properties: + key: + description: key + is the label + key that + the selector + applies + to. + type: string + operator: + description: operator + represents + a key's + relationship + to a set + of values. + Valid operators + are In, + NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string + values. + If the operator + is In or + NotIn, the + values array + must be + non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. 
+ This array + is replaced + during a + strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in + the matchLabels + map is equivalent + to an element + of matchExpressions, + whose key field + is "key", the + operator is "In", + and the values + array contains + only "value". + The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select + a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced + ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to + exist. If using signerName, + then the combination + of signerName and + labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the + bundle. + type: string + signerName: + description: Select + all ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml index ec208615..a84eff91 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupblueprints.yaml 
@@ -376,7 +376,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -407,6 +410,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -489,7 +505,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -520,6 +539,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -578,8 +610,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -613,7 +644,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value 
@@ -751,8 +785,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -786,7 +819,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -886,6 +922,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -907,8 +968,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1045,8 +1106,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -1083,18 +1145,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to 
@@ -1494,7 +1550,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -1567,6 +1625,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -1726,7 +1845,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -1794,6 +1915,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -1944,7 +2120,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -2017,6 +2195,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -2176,7 +2415,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -2244,6 +2485,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -2512,8 +2808,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -2553,18 +2850,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -3138,7 +3431,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3171,6 +3468,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler 
@@ -3265,7 +3575,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3298,6 +3612,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3364,9 +3691,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -3407,7 +3732,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3617,9 +3946,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -3660,7 +3987,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -3769,11 +4100,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -3798,9 +4180,38 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -3961,7 +4372,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which 
@@ -4005,20 +4418,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -4079,9 +4486,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -4122,7 +4527,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -4429,7 +4838,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field 
@@ -4460,6 +4872,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -4547,7 +4972,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -4578,6 +5006,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -4642,9 +5083,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -4683,7 +5122,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4851,9 +5293,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC 
@@ -4892,7 +5332,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4996,6 +5439,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5019,7 +5488,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -5151,8 +5621,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind 
@@ -5171,8 +5642,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -5227,18 +5705,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows 
@@ -5407,18 +5881,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -5499,8 +5980,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -5513,8 +5994,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -6129,7 +6610,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -6354,12 +6835,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -6399,11 +6880,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -6436,9 +6923,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the 
@@ -6447,31 +6934,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -6494,11 +6994,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -6540,7 +7055,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -6625,6 +7142,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -7067,6 +7619,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -8331,7 +9030,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -8570,12 +9269,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8616,11 +9315,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -8655,10 +9361,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the 
@@ -8667,35 +9373,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup 
@@ -8719,11 +9439,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -8769,8 +9506,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -8859,6 +9597,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume 
@@ -9308,61 +10085,219 @@ spec: be projected along with other supported volume types properties: - configMap: - description: configMap information - about the configMap data - to project + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." properties: - items: - description: items if - unspecified, each key-value - pair in the Data field - of the referenced ConfigMap - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. - items: - description: Maps a - string key to a path - within a volume. - properties: - key: - description: key - is the key to - project. - type: string - mode: - description: 'mode - is Optional: mode - bits used to set - permissions on - this file. Must - be an octal value - between 0000 and - 0777 or a decimal - value between - 0 and 511. YAML - accepts both octal - and decimal values, - JSON requires - decimal values - for mode bits. 
- If not specified, + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. 
If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information + about the configMap data + to project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced ConfigMap + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + ConfigMap, the volume + setup will error unless + it is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, the volume defaultMode will be used. This might be 
@@ -10191,12 +11126,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10235,11 +11170,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -10272,9 +11211,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type 
@@ -10282,31 +11221,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is 
@@ -10328,11 +11279,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -10372,7 +11338,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -10453,6 +11421,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -10677,11 +11677,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -10715,10 +11715,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the 
@@ -10747,35 +11751,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. 
* While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -10795,11 +11809,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -10838,7 +11866,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -10912,6 +11941,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -10939,6 +11997,75 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller + receives persistentvolume claim + update with ClaimResourceStatus + for a resource that it does + not recognizes, then it should + ignore that update and let other + controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being + resized for the given PVC. Key + names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + ClaimResourceStatus can be in + any of following states: - ControllerResizeInProgress: + State set when resize controller + starts resizing the volume in + control-plane. - ControllerResizeFailed: + State set when resize has failed + in resize controller with a terminal + error. - NodeResizePending: State + set when resize controller has + finished resizing the volume but + further resizing of volume is + needed on the node. - NodeResizeInProgress: + State set when kubelet starts + resizing the volume. - NodeResizeFailed: + State set when resizing has failed + in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. 
+ For example: if expanding a PVC + for more capacity - this field + can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - + pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this + field is not set, it means that + no resize operation is in progress + for the given PVC. \n A controller + that receives PVC update with + previously unknown resourceName + or ClaimResourceStatus should + ignore the update for the purpose + it was designed. For example - + a controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -10946,14 +12073,25 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources - is the storage resource within - AllocatedResources tracks the - capacity allocated to a PVC. It - may be larger than the actual - capacity when a volume expansion - operation is requested. For storage - quota, the larger value from allocatedResources + description: "allocatedResources + tracks the resources allocated + to a PVC including its capacity. + Key names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + Capacity reported here may be + larger than the actual capacity + when a volume expansion operation + is requested. For storage quota, + the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used @@ -10964,9 +12102,18 @@ spec: operations in progress and if the actual volume capacity is equal or lower than the requested - capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + capacity. \n A controller that + receives PVC update with previously + unknown resourceName should ignore + the update for the purpose it + was designed. For example - a + controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: 
@@ -10987,7 +12134,7 @@ spec: Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state + contains details about state of pvc properties: lastProbeTime: 
@@ -11030,21 +12177,61 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, + there is no VolumeAttributeClass + applied to this PersistentVolumeClaim + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus + represents the status object of + ControllerModifyVolume operation. + When this is unset, there is no + ModifyVolume operation being attempted. + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the + status of the ControllerModifyVolume + operation. It can be in any + of following states: - Pending + Pending indicates that the + PersistentVolumeClaim cannot + be modified due to unmet requirements, + such as the specified VolumeAttributesClass + not existing. - InProgress + InProgress indicates that + the volume is being modified. + - Infeasible Infeasible indicates + that the request has been + rejected as invalid by the + CSI driver. To resolve the + error, a valid VolumeAttributesClass + needs to be specified. Note: + New statuses can be added + in the future. Consumers should + check for unknown statuses + and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores - status of resize operation. ResizeStatus - is not set by default but when - expansion is complete resizeStatus - is set to empty string by resize - controller or kubelet. 
This is - an alpha field and requires enabling - RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -11618,7 +12805,7 @@ spec: the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -11857,12 +13044,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -11903,11 +13090,18 @@ spec: data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef field.' + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup 
@@ -11942,10 +13136,10 @@ spec: which to populate the volume with data, if a non-empty volume is desired. - This may be any local - object from a non-empty - API group (non core object) - or a PersistentVolumeClaim + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the 
@@ -11954,35 +13148,49 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource - and DataSourceRef) will + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There - are two important differences - between DataSource and - DataSourceRef: * While - DataSource only allows + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows two specific types of - objects, DataSourceRef + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup 
@@ -12006,11 +13214,28 @@ spec: the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -12056,8 +13281,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -12146,6 +13372,45 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume 
@@ -12600,6 +13865,164 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data @@ -13850,7 +15273,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -13883,6 +15310,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13977,7 +15417,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -14010,6 +15454,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -14076,9 +15533,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -14119,7 +15574,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -14276,9 +15735,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the 
@@ -14319,7 +15776,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -14433,6 +15894,32 @@ spec: by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -14457,7 +15944,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -14618,7 +16106,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which 
@@ -14662,20 +16152,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -15076,7 +16560,9 @@ spec: description: A label query over a set of resources, in this - case pods. + case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -15168,6 +16654,80 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key in (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MatchLabelKeys + and LabelSelector. + Also, MatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key notin (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MismatchLabelKeys + and LabelSelector. + Also, MismatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set 
@@ -15363,7 +16923,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -15440,6 +17002,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -15610,7 +17238,9 @@ spec: description: A label query over a set of resources, in this - case pods. + case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -15702,6 +17332,80 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key in (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MatchLabelKeys + and LabelSelector. + Also, MatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key notin (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MismatchLabelKeys + and LabelSelector. + Also, MismatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set 
@@ -15897,7 +17601,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -15974,6 +17680,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -16358,7 +18130,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -16378,10 +18152,18 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no - groups will be added to any container. - Note that this field cannot be set - when spec.os.name is windows. + primary GID, the fsGroup (if specified), + and group memberships defined in + the container image for the uid + of the container process. If unspecified, + no additional groups are added to + any container. Note that group memberships + defined in the container image for + the uid of the container process + are still effective, even if they + are not included in this list. Note + that this field cannot be set when + spec.os.name is windows. items: format: int64 type: integer 
@@ -16440,20 +18222,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -16619,8 +18395,8 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a - set of pod label keys to select + description: "MatchLabelKeys is + a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the @@ -16629,10 +18405,18 @@ spec: to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in - the incoming pod labels will be - ignored. A null or empty list + pod. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector + isn't set. Keys that don't exist + in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array 
@@ -16725,7 +18509,7 @@ spec: in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -16741,7 +18525,7 @@ spec: All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -17488,7 +19272,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -17701,12 +19485,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -17745,11 +19529,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -17782,9 +19570,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type 
@@ -17792,31 +19580,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is 
@@ -17838,11 +19638,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -17882,7 +19697,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -17963,6 +19780,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -18392,6 +20241,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -19417,7 +21404,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -19450,6 +21441,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -19544,7 +21548,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -19577,6 +21585,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -19643,9 +21664,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -19686,7 +21705,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -19843,9 +21866,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the 
@@ -19886,7 +21907,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -20000,6 +22025,32 @@ spec: by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -20024,7 +22075,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -20185,7 +22237,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which 
@@ -20229,20 +22283,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -20643,7 +22691,9 @@ spec: description: A label query over a set of resources, in this - case pods. + case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -20735,6 +22785,80 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key in (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MatchLabelKeys + and LabelSelector. + Also, MatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key notin (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MismatchLabelKeys + and LabelSelector. + Also, MismatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set 
@@ -20930,7 +23054,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -21007,6 +23133,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -21177,7 +23369,9 @@ spec: description: A label query over a set of resources, in this - case pods. + case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -21269,6 +23463,80 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key in (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MatchLabelKeys + and LabelSelector. + Also, MatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken + into consideration. + The keys are used + to lookup values from + the incoming pod labels, + those key-value labels + are merged with `LabelSelector` + as `key notin (value)` + to select the group + of existing pods which + pods will be taken + into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value + is empty. The same + key is forbidden to + exist in both MismatchLabelKeys + and LabelSelector. + Also, MismatchLabelKeys + cannot be set when + LabelSelector isn't + set. This is an alpha + field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set 
@@ -21464,7 +23732,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -21541,6 +23811,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -21925,7 +24261,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -21945,10 +24283,18 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no - groups will be added to any container. - Note that this field cannot be set - when spec.os.name is windows. + primary GID, the fsGroup (if specified), + and group memberships defined in + the container image for the uid + of the container process. If unspecified, + no additional groups are added to + any container. Note that group memberships + defined in the container image for + the uid of the container process + are still effective, even if they + are not included in this list. Note + that this field cannot be set when + spec.os.name is windows. items: format: int64 type: integer 
@@ -22007,20 +24353,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -22186,8 +24526,8 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a - set of pod label keys to select + description: "MatchLabelKeys is + a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the @@ -22196,10 +24536,18 @@ spec: to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in - the incoming pod labels will be - ignored. A null or empty list + pod. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector + isn't set. Keys that don't exist + in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array 
@@ -22292,7 +24640,7 @@ spec: in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -22308,7 +24656,7 @@ spec: All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string @@ -23055,7 +25403,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -23268,12 +25616,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -23312,11 +25660,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -23349,9 +25701,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type 
@@ -23359,31 +25711,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is 
@@ -23405,11 +25769,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -23449,7 +25828,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -23530,6 +25911,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -23959,6 +26372,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -25236,7 +27787,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -25320,6 +27873,76 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -25501,7 +28124,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -25574,6 +28199,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -25734,7 +28420,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -25818,6 +28506,76 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which + pods will be taken into + consideration. The keys + are used to lookup values + from the incoming pod + labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will + be taken into consideration + for the incoming pod's + pod (anti) affinity. + Keys that don't exist + in the incoming pod + labels will be ignored. + The default value is + empty. The same key + is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -25999,7 +28757,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -26072,6 +28832,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -26358,7 +29179,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which @@ -26400,21 +29223,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -27035,7 +29852,12 @@ spec: properties: name: description: The - header field name + header field name. + This will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The @@ -27070,6 +29892,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler 
@@ -27175,7 +30012,12 @@ spec: properties: name: description: The - header field name + header field name. + This will be canonicalized + upon output, so + case-variant names + will be understood + as the same header. type: string value: description: The @@ -27210,6 +30052,21 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being + terminated. + properties: + seconds: + description: Seconds is + the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -27283,9 +30140,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires - enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of @@ -27328,7 +30182,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -27551,9 +30409,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires - enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of @@ -27596,7 +30451,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -27710,11 +30569,67 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy + for the container. + items: + description: ContainerResizePolicy + represents resource resize policy + for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported + values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy + to apply when specified resource + is resized. If not specified, + it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the + names of resources, defined + in spec.resourceClaims, that + are used by this container. + \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field + is immutable. It can only be + set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry + in pod.spec.resourceClaims + of the Pod where this + field is used. It makes + that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -27741,9 +30656,42 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines + the restart behavior of individual + containers in a pod. This field + may only be set for init containers, + and the only allowed value is "Always". + For non-init containers or when + this field is not specified, the + restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy + as "Always" for the init container + will have the following effect: + this init container will be continually + restarted on exit until all regular + containers have terminated. Once + all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This + lifecycle differs from normal init + containers and is often referred + to as a "sidecar" container. Although + this init container still starts + in the init container sequence, + it does not wait for the container + to complete before proceeding to + the next init container. Instead, + the next init container starts immediately + after this init container is started, + or after any startupProbe has successfully + completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container @@ -27920,8 +30868,9 @@ spec: descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type - is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any + other type. type: string type: description: "type indicates 
@@ -27968,23 +30917,16 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is - alpha-level and will only - be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this - field without the feature - flag will result in errors - when validating the Pod. - All of a Pod's containers - must have the same effective - HostProcess value (it is - not allowed to have a mix - of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess - is true then HostNetwork - must also be set to true. + container. All of a Pod's + containers must have the + same effective HostProcess + value (it is not allowed + to have a mix of HostProcess + containers and non-HostProcess + containers). In addition, + if HostProcess is true then + HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName @@ -28050,9 +30992,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires - enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of @@ -28095,7 +31034,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -28423,7 +31366,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -28456,6 +31403,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -28547,7 +31507,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -28580,6 +31544,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -28649,9 +31626,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -28691,7 +31666,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -28868,9 +31846,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the 
@@ -28910,7 +31886,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -29018,6 +31997,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -29042,7 +32047,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -29182,7 +32188,9 @@ spec: to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". + Must be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which 
@@ -29202,10 +32210,18 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that - this field cannot be set when spec.os.name - is windows. + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container + process. If unspecified, no additional + groups are added to any container. + Note that group memberships defined + in the container image for the uid + of the container process are still + effective, even if they are not included + in this list. Note that this field + cannot be set when spec.os.name is + windows. items: format: int64 type: integer @@ -29260,21 +32276,15 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will - only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective HostProcess + a 'Host Process' container. All + of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true - then HostNetwork must also be - set to true. + and non-HostProcess containers). + In addition, if HostProcess is + true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows 
@@ -29455,20 +32465,27 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select the - pods over which spreading will be - calculated. The keys are used to - lookup values from the incoming + description: "MatchLabelKeys is a + set of pod label keys to select + the pods over which spreading will + be calculated. The keys are used + to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that - don't exist in the incoming pod - labels will be ignored. A null or - empty list means only match against - labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector + isn't set. Keys that don't exist + in the incoming pod labels will + be ignored. A null or empty list + means only match against labelSelector. + \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -29556,8 +32573,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -29572,8 +32589,8 @@ spec: All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a - alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread + beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -30229,7 +33246,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -30482,12 +33499,12 @@ spec: name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -30531,12 +33548,17 @@ spec: create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource + source. When the AnyVolumeDataSource feature gate is enabled, - this field will always - have the same contents - as the DataSourceRef - field.' + dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If + the namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -30573,10 +33595,10 @@ spec: the volume with data, if a non-empty volume is desired. This may - be any local object - from a non-empty API - group (non core object) - or a PersistentVolumeClaim + be any object from a + non-empty API group + (non core object) or + a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed 
@@ -30586,35 +33608,49 @@ spec: or dynamic provisioner. This field will replace the functionality of - the DataSource field + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both - fields (DataSource and - DataSourceRef) will + compatibility, when + namespace isn''t specified + in dataSourceRef, both + fields (dataSource and + dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important differences between - DataSource and DataSourceRef: - * While DataSource only + dataSource and dataSourceRef: + * While dataSource only allows two specific - types of objects, DataSourceRef + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) - Using this field requires + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -30640,11 +33676,32 @@ spec: is the name of resource being referenced type: string + namespace: + description: Namespace + is the namespace + of resource being + referenced Note + that when a namespace + is specified, a + gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent + namespace to allow + that namespace's + owner to accept + the reference. See + the ReferenceGrant + documentation for + details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to + be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum @@ -30691,8 +33748,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests + cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -30789,6 +33847,47 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. + If specified, the CSI + driver will create or + update the volume with + the attributes defined + in the corresponding + VolumeAttributesClass. + This has a different + purpose than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not + allowed to reset this + field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this + PersistentVolumeClaim + will be set to a Pending + state, as reflected + by the modifyVolumeStatus + field, until such as + a resource exists. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of 
@@ -31255,6 +34354,176 @@ spec: may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access + the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated + by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be + selected by name, or by + the combination of signer + name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM + contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The + ordering of certificates + within the file is arbitrary, + and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select + all ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set + but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A + label selector + requirement + is a selector + that contains + values, a key, + and an operator + that relates + the key and + values. + properties: + key: + description: key + is the label + key that + the selector + applies + to. + type: string + operator: + description: operator + represents + a key's + relationship + to a set + of values. + Valid operators + are In, + NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string + values. + If the operator + is In or + NotIn, the + values array + must be + non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. 
+ This array + is replaced + during a + strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in + the matchLabels + map is equivalent + to an element + of matchExpressions, + whose key field + is "key", the + operator is "In", + and the values + array contains + only "value". + The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select + a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced + ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to + exist. If using signerName, + then the combination + of signerName and + labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the + bundle. + type: string + signerName: + description: Select + all ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml index dd0883c3..ab929db6 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_backupconfigurations.yaml 
@@ -360,7 +360,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -390,6 +393,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -464,7 +479,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -494,6 +512,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -549,8 +579,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. 
@@ -584,7 +613,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -715,8 +747,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -750,7 +781,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -846,6 +880,30 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -867,7 +925,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -998,7 +1057,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -1034,14 +1094,10 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be - honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -1411,7 +1467,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -1479,6 +1537,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -1629,6 +1742,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -1688,6 +1803,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term 
@@ -1824,7 +1989,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -1892,6 +2059,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -2042,6 +2264,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -2101,6 +2325,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term 
@@ -2350,8 +2624,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -2388,18 +2663,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -2947,7 +3216,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -2980,6 +3253,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3068,7 +3354,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -3101,6 +3391,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -3164,9 +3467,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -3205,7 +3506,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -3405,9 +3709,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC 
@@ -3446,7 +3748,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -3549,11 +3854,60 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the + container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to + which this resource resize policy + applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -3577,9 +3931,36 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart + behavior of individual containers in a pod. + This field may only be set for init containers, + and the only allowed value is "Always". + For non-init containers or when this field + is not specified, the restart behavior is + defined by the Pod''s restart policy and + the container type. Setting the RestartPolicy + as "Always" for the init container will + have the following effect: this init container + will be continually restarted on exit until + all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs + from normal init containers and is often + referred to as a "sidecar" container. Although + this init container still starts in the + init container sequence, it does not wait + for the container to complete before proceeding + to the next init container. Instead, the + next init container starts immediately after + this init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be 
@@ -3724,8 +4105,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -3766,18 +4148,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -3836,9 +4212,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -3877,7 +4251,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4168,7 +4545,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field 
@@ -4199,6 +4579,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -4281,7 +4674,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -4312,6 +4708,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -4373,8 +4782,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -4408,7 +4816,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -4569,8 +4980,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. 
@@ -4604,7 +5014,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -4704,6 +5117,31 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4725,8 +5163,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: 
@@ -4848,8 +5286,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -4866,10 +5305,16 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, - no groups will be added to any container. - Note that this field cannot be set when spec.os.name - is windows. + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer 
@@ -4919,18 +5364,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -5090,17 +5529,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will - be calculated for the incoming pod. Keys + be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means - only match against labelSelector. + only match against labelSelector. \n This + is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array 
@@ -5174,8 +5618,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -5188,7 +5632,8 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is - a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -5767,7 +6212,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -5963,11 +6408,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -6006,10 +6451,15 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when + dataSourceRef.namespace is not + specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the @@ -6039,7 +6489,7 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a non-empty + be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, 
@@ -6049,28 +6499,39 @@ spec: volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + when namespace isn''t specified + in dataSourceRef, both fields + (dataSource and dataSourceRef) + will be set to the same value + automatically if one of them + is empty and the other is non-empty. + When namespace is specified + in dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values (dropping - them), DataSourceRef preserves + them), dataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Beta) Using this - field requires the AnyVolumeDataSource + is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -6091,11 +6552,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note that + when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -6134,7 +6609,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -6214,6 +6690,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding + VolumeAttributesClass. This + has a different purpose than + storageClassName, it can be + changed after the claim is created. + An empty string value means + that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string once + it is set. If unspecified and + the PersistentVolumeClaim is + unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does not + exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -6631,6 +7139,137 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such as + inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering + of certificates within the file + is arbitrary, and Kubelet may + change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -7798,7 +8437,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -8011,12 +8650,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -8055,11 +8694,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is @@ -8092,9 +8735,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type 
@@ -8102,31 +8745,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is 
@@ -8148,11 +8803,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -8192,7 +8862,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -8273,6 +8945,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -8697,6 +9401,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -9491,11 +10333,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -9532,10 +10374,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the 
@@ -9564,35 +10410,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. 
* While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -9612,11 +10468,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -9655,7 +10525,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -9729,6 +10600,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required @@ -9935,11 +10835,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -9971,10 +10871,14 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of the - specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -10003,33 +10907,44 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will - replace the functionality of the DataSource + replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource - only allows two specific types of - objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), - DataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled.' + when namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to + the same value automatically if one + of them is empty and the other is + non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be + empty. There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two + specific types of objects, dataSourceRef + allows any non-core object, as well + as PersistentVolumeClaim objects. 
+ * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates + an error if a disallowed value is + specified. * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires the + AnyVolumeDataSource feature gate to + be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -10048,11 +10963,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -10089,6 +11016,7 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object 
@@ -10158,6 +11086,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to + empty string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the resource + referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, as + reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the 
@@ -10182,6 +11138,69 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update with + ClaimResourceStatus for a resource + that it does not recognizes, then + it should ignore that update and + let other controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being resized + for the given PVC. Key names follow + standard Kubernetes label syntax. + Valid values are either: * Un-prefixed + keys: - storage - the capacity of + the volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys that + are unprefixed or have kubernetes.io + prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus + can be in any of following states: + - ControllerResizeInProgress: State + set when resize controller starts + resizing the volume in control-plane. + - ControllerResizeFailed: State set + when resize has failed in resize controller + with a terminal error. - NodeResizePending: + State set when resize controller has + finished resizing the volume but further + resizing of volume is needed on the + node. - NodeResizeInProgress: State + set when kubelet starts resizing the + volume. - NodeResizeFailed: State + set when resizing has failed in kubelet + with a terminal error. Transient errors + don't set NodeResizeFailed. 
For example: + if expanding a PVC for more capacity + - this field can be one of the following + states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - + pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field + is not set, it means that no resize + operation is in progress for the given + PVC. \n A controller that receives + PVC update with previously unknown + resourceName or ClaimResourceStatus + should ignore the update for the purpose + it was designed. For example - a controller + that only is responsible for resizing + capacity of the volume, should ignore + PVC updates that change other valid + resources associated with PVC. \n + This is an alpha field and requires + enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -10189,13 +11208,22 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the - storage resource within AllocatedResources - tracks the capacity allocated to a - PVC. It may be larger than the actual - capacity when a volume expansion operation - is requested. For storage quota, the - larger value from allocatedResources + description: "allocatedResources tracks + the resources allocated to a PVC including + its capacity. Key names follow standard + Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - + storage - the capacity of the volume. + * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that + are unprefixed or have kubernetes.io + prefix are considered reserved and + hence may not be used. \n Capacity + reported here may be larger than the + actual capacity when a volume expansion + operation is requested. For storage + quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. @@ -10205,9 +11233,17 @@ spec: operations in progress and if the actual volume capacity is equal or lower than the requested capacity. + \n A controller that receives PVC + update with previously unknown resourceName + should ignore the update for the purpose + it was designed. For example - a controller + that only is responsible for resizing + capacity of the volume, should ignore + PVC updates that change other valid + resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. + feature." type: object capacity: additionalProperties: 
@@ -10228,7 +11264,7 @@ spec: be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of + contains details about state of pvc properties: lastProbeTime: 
@@ -10267,20 +11303,57 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, there + is no VolumeAttributeClass applied + to this PersistentVolumeClaim This + is an alpha field and requires enabling + VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents + the status object of ControllerModifyVolume + operation. When this is unset, there + is no ModifyVolume operation being + attempted. This is an alpha field + and requires enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the status + of the ControllerModifyVolume + operation. It can be in any of + following states: - Pending Pending + indicates that the PersistentVolumeClaim + cannot be modified due to unmet + requirements, such as the specified + VolumeAttributesClass not existing. + - InProgress InProgress indicates + that the volume is being modified. + - Infeasible Infeasible indicates + that the request has been rejected + as invalid by the CSI driver. + To resolve the error, a valid + VolumeAttributesClass needs to + be specified. Note: New statuses + can be added in the future. Consumers + should check for unknown statuses + and fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status - of resize operation. ResizeStatus - is not set by default but when expansion - is complete resizeStatus is set to - empty string by resize controller - or kubelet. 
This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -10821,7 +11894,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -11034,12 +12107,12 @@ spec: name: description: 'Name of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -11078,11 +12151,15 @@ spec: specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource - feature gate is enabled, this - field will always have the - same contents as the DataSourceRef - field.' + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is 
@@ -11115,9 +12192,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This may - be any local object from a - non-empty API group (non core - object) or a PersistentVolumeClaim + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type 
@@ -11125,31 +12202,43 @@ spec: some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them - is empty and the other is - non-empty. There are two important - differences between DataSource - and DataSourceRef: * While - DataSource only allows two - specific types of objects, - DataSourceRef allows any non-core + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) - Using this field requires + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature - gate to be enabled.' + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is 
@@ -11171,11 +12260,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -11215,7 +12319,9 @@ spec: to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -11296,6 +12402,38 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -11725,6 +12863,144 @@ spec: projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle + objects in an auto-updating + file. \n Alpha, gated by the + ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label selector. + \n Kubelet performs aggressive + normalization of the PEM contents + written into the pod filesystem. + \ Esoteric PEM features such + as inter-block comments and + block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the order + over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If + set but empty, interpreted + as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by object + name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If using + name, then the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the + combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with + name. The contents of all + selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to @@ -12878,7 +14154,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -12911,6 +14191,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -12999,7 +14292,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -13032,6 +14329,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -13095,9 +14405,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -13136,7 +14444,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -13284,9 +14595,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC 
@@ -13325,7 +14634,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -13433,6 +14745,32 @@ spec: container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -13456,7 +14794,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -13601,8 +14940,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which 
@@ -13643,18 +14983,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -14014,7 +15348,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -14091,6 +15427,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -14257,7 +15659,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -14326,6 +15730,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -14480,7 +15944,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -14557,6 +16023,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -14723,7 +16255,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -14792,6 +16326,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -15146,8 +16740,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -15166,8 +16761,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -15224,18 +16826,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean 
@@ -15391,7 +16987,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -15399,10 +16995,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -15486,8 +17089,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -15501,8 +17104,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -16213,7 +17816,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -16406,11 +18009,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -16447,10 +18050,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the 
@@ -16479,35 +18086,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. 
* While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -16527,11 +18144,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -16570,7 +18201,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -16644,6 +18276,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -17054,6 +18715,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -18018,7 +19806,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -18051,6 +19843,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -18139,7 +19944,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -18172,6 +19981,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the + duration that the container should + sleep before being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -18235,9 +20057,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC @@ -18276,7 +20096,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -18424,9 +20247,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a beta - field and requires enabling GRPCContainerProbe - feature gate. + involving a GRPC port. properties: port: description: Port number of the gRPC 
@@ -18465,7 +20286,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -18573,6 +20397,32 @@ spec: container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -18596,7 +20446,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -18741,8 +20592,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which 
@@ -18783,18 +20635,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean @@ -19154,7 +21000,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -19231,6 +21079,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -19397,7 +21311,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -19466,6 +21382,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -19620,7 +21596,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If + it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -19697,6 +21675,72 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + in (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label + keys to select which pods + will be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with + `LabelSelector` as `key + notin (value)` to select + the group of existing + pods which pods will be + taken into consideration + for the incoming pod's + pod (anti) affinity. Keys + that don't exist in the + incoming pod labels will + be ignored. The default + value is empty. The same + key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an + alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -19863,7 +21907,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -19932,6 +21978,66 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken into + consideration for the incoming + pod's pod (anti) affinity. + Keys that don't exist in the + incoming pod labels will be + ignored. The default value + is empty. The same key is + forbidden to exist in both + MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming pod + labels, those key-value labels + are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. The + default value is empty. The + same key is forbidden to exist + in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that 
@@ -20286,8 +22392,9 @@ spec: must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". + seccomp profile location. Must be + set if type is "Localhost". Must + NOT be set for any other type. type: string type: description: "type indicates which @@ -20306,8 +22413,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. Note that + GID, the fsGroup (if specified), and + group memberships defined in the container + image for the uid of the container process. + If unspecified, no additional groups + are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are + not included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -20364,18 +22478,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have + a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess + containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean 
@@ -20531,7 +22639,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values @@ -20539,10 +22647,17 @@ spec: key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys + cannot be set when LabelSelector isn't + set. Keys that don't exist in the + incoming pod labels will be ignored. + A null or empty list means only match + against labelSelector. \n This is + a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -20626,8 +22741,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -20641,8 +22756,8 @@ spec: are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -21353,7 +23468,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -21546,11 +23661,11 @@ spec: type: string name: description: 'Name of the - referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -21587,10 +23702,14 @@ spec: data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field will - always have the same contents - as the DataSourceRef field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the 
@@ -21619,35 +23738,45 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty - API group (non core object) or - a PersistentVolumeClaim object. - When this field is specified, + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as + of the dataSource field and as such if both fields are non-empty, they must have the same value. - For backwards compatibility, both - fields (DataSource and DataSourceRef) - will be set to the same value - automatically if one of them is - empty and the other is non-empty. - There are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, - DataSourceRef allows any non-core + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. 
* While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -21667,11 +23796,25 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -21710,7 +23853,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -21784,6 +23928,35 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -22194,6 +24367,133 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into + the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates within + the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is + set. Mutually-exclusive with + name. If unset, interpreted + as "match nothing". If set + but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't + available. If using name, then + the named ClusterTrustBundle + is allowed not to exist. If + using signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. + Mutually-exclusive with name. The + contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -23381,7 +25681,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -23454,6 +25756,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -23613,7 +25976,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -23681,6 +26046,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -23831,7 +26251,9 @@ spec: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -23904,6 +26326,67 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, + MatchLabelKeys cannot be + set when LabelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `LabelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, + MismatchLabelKeys cannot + be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces 
@@ -24063,7 +26546,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -24131,6 +26616,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -24399,8 +26939,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind @@ -24440,18 +26981,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows @@ -25025,7 +27562,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -25058,6 +27599,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler 
@@ -25152,7 +27706,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -25185,6 +27743,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -25251,9 +27822,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -25294,7 +27863,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -25504,9 +28077,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -25547,7 +28118,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header 
@@ -25656,11 +28231,62 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -25685,9 +28311,38 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should @@ -25848,7 +28503,9 @@ spec: work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must - only be set if type is "Localhost". + be set if type is "Localhost". + Must NOT be set for any other + type. type: string type: description: "type indicates which 
@@ -25892,20 +28549,14 @@ spec: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and - will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will - result in errors when validating - the Pod. All of a Pod's containers - must have the same effective - HostProcess value (it is not - allowed to have a mix of HostProcess - containers and non-HostProcess - containers). In addition, if - HostProcess is true then HostNetwork - must also be set to true. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. type: boolean runAsUserName: description: The UserName in Windows @@ -25966,9 +28617,7 @@ spec: type: integer grpc: description: GRPC specifies an action - involving a GRPC port. This is a - beta field and requires enabling - GRPCContainerProbe feature gate. + involving a GRPC port. properties: port: description: Port number of the @@ -26009,7 +28658,11 @@ spec: properties: name: description: The header - field name + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. type: string value: description: The header @@ -26316,7 +28969,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field 
@@ -26347,6 +29003,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -26434,7 +29103,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string value: description: The header field @@ -26465,6 +29137,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler @@ -26529,9 +29214,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC @@ -26570,7 +29253,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -26738,9 +29424,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. + a GRPC port. properties: port: description: Port number of the gRPC 
@@ -26779,7 +29463,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -26883,6 +29570,32 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -26906,7 +29619,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -27038,8 +29752,9 @@ spec: be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. type: string type: description: "type indicates which kind 
@@ -27058,8 +29773,15 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be - added to any container. Note that this + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this field cannot be set when spec.os.name is windows. items: @@ -27114,18 +29836,14 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a + 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. type: boolean runAsUserName: description: The UserName in Windows 
@@ -27294,18 +30012,25 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select the pods over - which spreading will be calculated. + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't - exist in the incoming pod labels will - be ignored. A null or empty list means - only match against labelSelector. + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." items: type: string type: array @@ -27386,8 +30111,8 @@ spec: All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This - is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -27400,8 +30125,8 @@ spec: - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to - the Ignore policy. This is a alpha-level - feature enabled by the NodeInclusionPolicyInPodTopologySpread + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -28016,7 +30741,7 @@ spec: of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -28241,12 +30966,12 @@ spec: name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -28286,11 +31011,17 @@ spec: source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource + data source. When the AnyVolumeDataSource feature gate is enabled, - this field will always have - the same contents as the - DataSourceRef field.' + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup @@ -28323,9 +31054,9 @@ spec: which to populate the volume with data, if a non-empty volume is desired. This - may be any local object - from a non-empty API group - (non core object) or a PersistentVolumeClaim + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the 
@@ -28334,31 +31065,44 @@ spec: populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as + dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields - (DataSource and DataSourceRef) - will be set to the same - value automatically if one - of them is empty and the - other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only allows two specific types - of objects, DataSourceRef + of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource + objects. * While dataSource ignores disallowed values - (dropping them), DataSourceRef + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: 
@@ -28381,11 +31125,26 @@ spec: name of resource being referenced type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the @@ -28427,7 +31186,9 @@ spec: if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -28512,6 +31273,41 @@ spec: required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required 
@@ -28954,6 +31750,153 @@ spec: be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml index 5b5f6477..f8142770 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_hooktemplates.yaml 
@@ -96,7 +96,9 @@ spec: used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized + upon output, so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -154,7 +156,9 @@ spec: used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized + upon output, so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -797,7 +801,7 @@ spec: be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -960,11 +964,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -998,10 +1002,13 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for 
@@ -1028,31 +1035,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the - functionality of the DataSource field + functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to the + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them - is empty and the other is non-empty. There - are two important differences between - DataSource and DataSourceRef: * While - DataSource only allows two specific types - of objects, DataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' 
+ feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -1070,11 +1085,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -1109,7 +1136,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -1173,6 +1201,32 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can + be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to empty + string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass will + be set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set + to a Pending state, as reflected by the + modifyVolumeStatus field, until such as + a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value 
@@ -1548,6 +1602,114 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a + pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating + file. \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle objects + can either be selected by name, or by the + combination of signer name and a label selector. + \n Kubelet performs aggressive normalization + of the PEM contents written into the pod + filesystem. Esoteric PEM features such + as inter-block comments and block headers + are stripped. Certificates are deduplicated. + The ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as + "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then + the named ClusterTrustBundle is allowed + not to exist. If using signerName, + then the combination of signerName and + labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project 
@@ -2151,10 +2313,10 @@ spec: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion diff --git a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml index 4b869be6..f8513598 100644 --- a/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/core.kubestash.com_restoresessions.yaml @@ -287,7 +287,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -315,6 +318,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward 
@@ -386,7 +401,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -414,6 +432,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -467,8 +497,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -500,7 +529,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -628,8 +659,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -661,7 +691,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value 
@@ -755,6 +787,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -776,7 +830,7 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -900,8 +954,9 @@ spec: defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. type: string type: description: "type indicates which kind of seccomp 
@@ -934,15 +989,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -1273,7 +1324,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is 
@@ -1332,6 +1385,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies 
@@ -1462,7 +1563,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -1516,6 +1619,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. 
@@ -1636,7 +1784,9 @@ spec: properties: labelSelector: description: A label query over a set - of resources, in this case pods. + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. properties: matchExpressions: description: matchExpressions is 
@@ -1695,6 +1845,54 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and + LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a + set of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the + group of existing pods which pods + will be taken into consideration for + the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies 
@@ -1825,7 +2023,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -1879,6 +2079,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. 
@@ -2106,7 +2351,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -2141,16 +2387,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, if + HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the @@ -2663,7 +2905,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -2694,6 +2939,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 
@@ -2776,7 +3034,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -2807,6 +3068,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -2865,8 +3139,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -2900,7 +3173,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -3085,8 +3361,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -3120,7 +3395,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value 
@@ -3216,10 +3494,57 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which + this resource resize policy applies. Supported + values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when + specified resource is resized. If not specified, + it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -3241,10 +3566,34 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart + behavior of individual containers in a pod. This + field may only be set for init containers, and + the only allowed value is "Always". For non-init + containers or when this field is not specified, + the restart behavior is defined by the Pod''s + restart policy and the container type. Setting + the RestartPolicy as "Always" for the init container + will have the following effect: this init container + will be continually restarted on exit until all + regular containers have terminated. Once all regular + containers have completed, all init containers + with restartPolicy "Always" will be shut down. + This lifecycle differs from normal init containers + and is often referred to as a "sidecar" container. + Although this init container still starts in the + init container sequence, it does not wait for + the container to complete before proceeding to + the next init container. Instead, the next init + container starts immediately after this init container + is started, or after any startupProbe has successfully + completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, 
@@ -3380,8 +3729,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -3418,18 +3768,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -3482,8 +3826,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -3517,7 +3860,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value 
@@ -3785,7 +4131,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3814,6 +4163,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -3888,7 +4249,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon output, + so case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3917,6 +4281,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -3974,8 +4350,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. 
@@ -4009,7 +4384,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -4159,8 +4537,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -4194,7 +4571,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -4288,6 +4668,30 @@ spec: description: Compute Resources required by the sidecar container. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -4309,7 +4713,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: @@ -4425,7 +4830,8 @@ spec: The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp @@ -4441,9 +4847,15 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the - container's primary GID. If unspecified, no groups - will be added to any container. Note that this field - cannot be set when spec.os.name is windows. + container's primary GID, the fsGroup (if specified), + and group memberships defined in the container image + for the uid of the container process. If unspecified, + no additional groups are added to any container. + Note that group memberships defined in the container + image for the uid of the container process are still + effective, even if they are not included in this + list. Note that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer 
@@ -4491,16 +4903,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, if + HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the 
@@ -4648,16 +5056,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys - that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match - against labelSelector. + will be calculated for the incoming pod. The same + key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be set + when LabelSelector isn't set. Keys that don't + exist in the incoming pod labels will be ignored. + A null or empty list means only match against + labelSelector. \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread feature + gate to be enabled (enabled by default)." items: type: string type: array @@ -4723,8 +5136,8 @@ spec: are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -4736,7 +5149,7 @@ spec: Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a - alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -5272,7 +5685,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -5449,11 +5862,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -5487,10 +5900,14 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of the - specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field - will always have the same contents - as the DataSourceRef field.' + specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef will + not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -5519,33 +5936,44 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will - replace the functionality of the DataSource + replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) - will be set to the same value automatically - if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource - only allows two specific types of - objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), - DataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. (Beta) Using this - field requires the AnyVolumeDataSource - feature gate to be enabled.' + when namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to + the same value automatically if one + of them is empty and the other is + non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be + empty. There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two + specific types of objects, dataSourceRef + allows any non-core object, as well + as PersistentVolumeClaim objects. 
+ * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates + an error if a disallowed value is + specified. * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires the + AnyVolumeDataSource feature gate to + be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -5564,11 +5992,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -5605,6 +6045,7 @@ spec: defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object 
@@ -5674,6 +6115,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s + not allowed to reset this field to + empty string once it is set. If unspecified + and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the resource + referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, as + reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the 
@@ -6063,6 +6532,120 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by name, + or by the combination of signer name + and a label selector. \n Kubelet performs + aggressive normalization of the PEM + contents written into the pod filesystem. + \ Esoteric PEM features such as inter-block + comments and block headers are stripped. + \ Certificates are deduplicated. The + ordering of certificates within the + file is arbitrary, and Kubelet may change + the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -7135,7 +7718,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -7320,11 +7903,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -7359,11 +7942,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -7392,33 +7979,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. 
+ (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -7438,11 +8035,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -7480,7 +8089,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -7550,6 +8160,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the 
@@ -7945,6 +8583,124 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into the + pod filesystem. Esoteric PEM features + such as inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering of + certificates within the file is arbitrary, + and Kubelet may change the order over + time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't available. If + using name, then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -8647,11 +9403,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -8685,10 +9441,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -8715,33 +9475,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. 
* While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -8759,11 +9527,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -8799,7 +9579,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -8865,6 +9646,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. @@ -9055,11 +9864,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -9090,10 +9899,13 @@ spec: If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will - always have the same contents as the DataSourceRef - field.' + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for 
@@ -9120,30 +9932,39 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty + This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality - of the DataSource field and as such if both + of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is - non-empty. There are two important differences - between DataSource and DataSourceRef: * - While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a - disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled.' + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. 
(Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for @@ -9161,11 +9982,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -9198,7 +10029,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -9259,6 +10091,30 @@ spec: of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may + be used to set the VolumeAttributesClass + used by this claim. If specified, the CSI + driver will create or update the volume + with the attributes defined in the corresponding + VolumeAttributesClass. This has a different + purpose than storageClassName, it can be + changed after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but it''s not + allowed to reset this field to empty string + once it is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to + by volumeAttributesClass does not exist, + this PersistentVolumeClaim will be set to + a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value 
@@ -9282,6 +10138,60 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update with ClaimResourceStatus + for a resource that it does not recognizes, + then it should ignore that update and + let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores + status of resource being resized for the + given PVC. Key names follow standard Kubernetes + label syntax. Valid values are either: * + Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use + implementation-defined prefixed names such + as \"example.com/my-custom-resource\" Apart + from above values - keys that are unprefixed + or have kubernetes.io prefix are considered + reserved and hence may not be used. \n ClaimResourceStatus + can be in any of following states: - ControllerResizeInProgress: + State set when resize controller starts + resizing the volume in control-plane. - + ControllerResizeFailed: State set when resize + has failed in resize controller with a terminal + error. - NodeResizePending: State set when + resize controller has finished resizing + the volume but further resizing of volume + is needed on the node. - NodeResizeInProgress: + State set when kubelet starts resizing the + volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal + error. Transient errors don't set NodeResizeFailed. 
+ For example: if expanding a PVC for more + capacity - this field can be one of the + following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is + not set, it means that no resize operation + is in progress for the given PVC. \n A controller + that receives PVC update with previously + unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose + it was designed. For example - a controller + that only is responsible for resizing capacity + of the volume, should ignore PVC updates + that change other valid resources associated + with PVC. \n This is an alpha field and + requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -9289,13 +10199,21 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may - be larger than the actual capacity when - a volume expansion operation is requested. - For storage quota, the larger value from - allocatedResources and PVC.spec.resources + description: "allocatedResources tracks the + resources allocated to a PVC including its + capacity. Key names follow standard Kubernetes + label syntax. Valid values are either: * + Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use + implementation-defined prefixed names such + as \"example.com/my-custom-resource\" Apart + from above values - keys that are unprefixed + or have kubernetes.io prefix are considered + reserved and hence may not be used. \n Capacity + reported here may be larger than the actual + capacity when a volume expansion operation + is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity 
@@ -9303,8 +10221,16 @@ spec: only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. - This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + \n A controller that receives PVC update + with previously unknown resourceName should + ignore the update for the purpose it was + designed. For example - a controller that + only is responsible for resizing capacity + of the volume, should ignore PVC updates + that change other valid resources associated + with PVC. \n This is an alpha field and + requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -9323,7 +10249,7 @@ spec: the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time 
@@ -9360,19 +10286,53 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, there is no + VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling + VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus represents + the status object of ControllerModifyVolume + operation. When this is unset, there is + no ModifyVolume operation being attempted. + This is an alpha field and requires enabling + VolumeAttributesClass feature. + properties: + status: + description: 'status is the status of + the ControllerModifyVolume operation. + It can be in any of following states: + - Pending Pending indicates that the + PersistentVolumeClaim cannot be modified + due to unmet requirements, such as the + specified VolumeAttributesClass not + existing. - InProgress InProgress indicates + that the volume is being modified. - + Infeasible Infeasible indicates that + the request has been rejected as invalid + by the CSI driver. To resolve the error, + a valid VolumeAttributesClass needs + to be specified. Note: New statuses + can be added in the future. Consumers + should check for unknown statuses and + fail appropriately.' + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of - resize operation. ResizeStatus is not set - by default but when expansion is complete - resizeStatus is set to empty string by resize - controller or kubelet. 
This is an alpha - field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array @@ -9877,7 +10837,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -10062,11 +11022,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -10101,11 +11061,15 @@ spec: controller can support the specified data source, it will create a new volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field.' + the specified data source. When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -10134,33 +11098,43 @@ spec: the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API - group (non core object) or a PersistentVolumeClaim + object from a non-empty API group + (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of - the DataSource field and as such + the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource only allows two specific types of - objects, DataSourceRef allows any + objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores + objects. * While dataSource ignores disallowed values (dropping them), - DataSourceRef preserves all values, + dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using - this field requires the AnyVolumeDataSource + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. 
+ (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -10180,11 +11154,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume @@ -10222,7 +11208,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -10292,6 +11279,34 @@ spec: the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or update + the volume with the attributes defined + in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An empty + string value means that no VolumeAttributesClass + will be applied to the claim but + it''s not allowed to reset this + field to empty string once it is + set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the 
@@ -10691,6 +11706,124 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects + in an auto-updating file. \n Alpha, + gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected by + name, or by the combination of signer + name and a label selector. \n Kubelet + performs aggressive normalization + of the PEM contents written into the + pod filesystem. Esoteric PEM features + such as inter-block comments and block + headers are stripped. Certificates + are deduplicated. The ordering of + certificates within the file is arbitrary, + and Kubelet may change the order over + time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but + empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block + pod startup if the referenced + ClusterTrustBundle(s) aren't available. If + using name, then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination + of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all + selected ClusterTrustBundles will + be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -11787,7 +12920,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field 
@@ -11818,6 +12954,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -11900,7 +13049,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -11931,6 +13083,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -11989,8 +13154,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -12024,7 +13188,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -12162,8 +13329,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. 
@@ -12197,7 +13363,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -12297,6 +13466,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -12318,8 +13512,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: 
@@ -12456,8 +13650,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -12494,18 +13689,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -12824,7 +14013,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -12892,6 +14083,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -13042,6 +14288,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -13101,6 +14349,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term 
@@ -13237,7 +14535,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -13305,6 +14605,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -13455,6 +14810,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -13514,6 +14871,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term 
@@ -13835,8 +15242,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -13853,10 +15261,16 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, - no groups will be added to any container. - Note that this field cannot be set when spec.os.name - is windows. + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer 
@@ -13906,18 +15320,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -14058,17 +15466,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will - be calculated for the incoming pod. Keys + be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means - only match against labelSelector. + only match against labelSelector. \n This + is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array 
@@ -14142,8 +15555,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -14156,7 +15569,8 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is - a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -14820,7 +16234,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -14991,11 +16405,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -15029,10 +16443,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -15059,33 +16477,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. 
* While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -15103,11 +16529,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -15143,7 +16581,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -15209,6 +16648,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. 
@@ -15591,6 +17058,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -16482,7 +18061,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field 
@@ -16513,6 +18095,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -16595,7 +18190,10 @@ spec: properties: name: description: The header field - name + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. type: string value: description: The header field @@ -16626,6 +18224,19 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -16684,8 +18295,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. @@ -16719,7 +18329,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -16857,8 +18470,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving - a GRPC port. This is a beta field and requires - enabling GRPCContainerProbe feature gate. + a GRPC port. properties: port: description: Port number of the gRPC service. 
@@ -16892,7 +18504,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. type: string value: description: The header field value @@ -16992,6 +18607,31 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -17013,8 +18653,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: 
@@ -17151,8 +18791,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -17189,18 +18830,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -17519,7 +19154,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -17587,6 +19224,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -17737,6 +19429,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -17796,6 +19490,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term 
@@ -17932,7 +19676,9 @@ spec: labelSelector: description: A label query over a set of resources, in this - case pods. + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions 
@@ -18000,6 +19746,61 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `LabelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `LabelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the 
@@ -18150,6 +19951,8 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions 
@@ -18209,6 +20012,56 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MatchLabelKeys + and LabelSelector. Also, MatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `LabelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term 
@@ -18530,8 +20383,9 @@ spec: should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be - set if type is "Localhost". + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. type: string type: description: "type indicates which kind @@ -18548,10 +20402,16 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, - no groups will be added to any container. - Note that this field cannot be set when spec.os.name - is windows. + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer 
@@ -18601,18 +20461,12 @@ spec: hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' - container. This field is alpha-level and - will only be honored by components that - enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed to - have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork - must also be set to true. + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to @@ -18753,17 +20607,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will - be calculated for the incoming pod. Keys + be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means - only match against labelSelector. + only match against labelSelector. \n This + is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array 
@@ -18837,8 +20696,8 @@ spec: are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. - This is a alpha-level feature enabled by - the NodeInclusionPolicyInPodTopologySpread + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -18851,7 +20710,8 @@ spec: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is - a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: @@ -19515,7 +21375,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -19686,11 +21546,11 @@ spec: type: string name: description: 'Name of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion 
@@ -19724,10 +21584,14 @@ spec: can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field.' + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, and + dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace + is not specified. If the namespace is + specified, then dataSourceRef will not + be copied to dataSource.' properties: apiGroup: description: APIGroup is the group 
@@ -19754,33 +21618,41 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object - from a non-empty API group (non core - object) or a PersistentVolumeClaim object. - When this field is specified, volume - binding will only succeed if the type - of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace - the functionality of the DataSource - field and as such if both fields are - non-empty, they must have the same value. - For backwards compatibility, both fields - (DataSource and DataSourceRef) will - be set to the same value automatically + is desired. This may be any object from + a non-empty API group (non core object) + or a PersistentVolumeClaim object. When + this field is specified, volume binding + will only succeed if the type of the + specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such + if both fields are non-empty, they must + have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one of them is empty and the other - is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows + is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t + set to the same value and must be empty. + There are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef + objects. 
* While dataSource ignores + disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled.' + * While dataSource only allows local + objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -19798,11 +21670,23 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should @@ -19838,7 +21722,8 @@ spec: for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -19904,6 +21789,34 @@ spec: name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, the + CSI driver will create or update the + volume with the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is + created. An empty string value means + that no VolumeAttributesClass will be + applied to the claim but it''s not allowed + to reset this field to empty string + once it is set. If unspecified and the + PersistentVolumeClaim is unbound, the + default VolumeAttributesClass will be + set by the persistentvolume controller + if it exists. If the resource referred + to by volumeAttributesClass does not + exist, this PersistentVolumeClaim will + be set to a Pending state, as reflected + by the modifyVolumeStatus field, until + such as a resource exists. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the + VolumeAttributesClass feature gate to + be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. 
@@ -20286,6 +22199,118 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows + a pod to access the `.spec.trustBundle` + field of ClusterTrustBundle objects in + an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature + gate. \n ClusterTrustBundle objects can + either be selected by name, or by the + combination of signer name and a label + selector. \n Kubelet performs aggressive + normalization of the PEM contents written + into the pod filesystem. Esoteric PEM + features such as inter-block comments + and block headers are stripped. Certificates + are deduplicated. The ordering of certificates + within the file is arbitrary, and Kubelet + may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only + has effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted + as "match nothing". If set but empty, + interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't block pod + startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, + then the named ClusterTrustBundle + is allowed not to exist. If using + signerName, then the combination of + signerName and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected + ClusterTrustBundles will be unified + and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -21244,7 +23269,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value 
@@ -21272,6 +23300,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -21343,7 +23383,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -21371,6 +23414,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -21424,8 +23479,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -21457,7 +23511,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value 
@@ -21585,8 +23641,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -21618,7 +23673,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -21712,6 +23769,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -21733,7 +23812,7 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -21857,8 +23936,9 @@ spec: defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. type: string type: description: "type indicates which kind of seccomp @@ -21891,15 +23971,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: 
@@ -22166,7 +24242,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -22220,6 +24298,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. 
@@ -22341,7 +24464,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -22392,6 +24516,48 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group of + existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key is + forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -22506,7 +24672,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -22560,6 +24728,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. 
@@ -22681,7 +24894,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -22732,6 +24946,48 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group of + existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key is + forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -23016,8 +25272,9 @@ spec: defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. type: string type: description: "type indicates which kind of seccomp @@ -23033,9 +25290,14 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added - to any container. Note that this field cannot be set - when spec.os.name is windows. + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are not included + in this list. Note that this field cannot be set when + spec.os.name is windows. items: format: int64 type: integer 
@@ -23080,15 +25342,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -23213,15 +25471,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming pod labels - will be ignored. A null or empty list means only match - against labelSelector. + pod. The same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be set when + LabelSelector isn't set. Keys that don't exist in + the incoming pod labels will be ignored. A null or + empty list means only match against labelSelector. + \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array 
@@ -23284,8 +25546,8 @@ spec: in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -23296,8 +25558,8 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: description: TopologyKey is the key of node labels. diff --git a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml index 4c55d498..f1497225 100644 --- a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_backupstorages.yaml @@ -309,7 +309,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value 
@@ -337,6 +340,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -408,7 +423,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -436,6 +454,18 @@ spec: required: - port type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward @@ -489,8 +519,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -522,7 +551,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value 
@@ -650,8 +681,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -683,7 +713,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -777,6 +809,28 @@ spec: description: 'Compute Resources required by container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -798,7 +852,7 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: 
@@ -922,8 +976,9 @@ spec: defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. type: string type: description: "type indicates which kind of seccomp @@ -956,15 +1011,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -1231,7 +1282,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -1285,6 +1338,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. 
@@ -1406,7 +1504,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -1457,6 +1556,48 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group of + existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key is + forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -1571,7 +1712,9 @@ spec: properties: labelSelector: description: A label query over a set of - resources, in this case pods. + resources, in this case pods. If it's + null, this PodAffinityTerm matches with + no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -1625,6 +1768,51 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods will + be taken into consideration. The keys + are used to lookup values from the incoming + pod labels, those key-value labels are + merged with `LabelSelector` as `key in + (value)` to select the group of existing + pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when + LabelSelector isn't set. This is an alpha + field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are merged with `LabelSelector` as `key + notin (value)` to select the group of + existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key + is forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. 
@@ -1746,7 +1934,8 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -1797,6 +1986,48 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group of + existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key is + forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -2081,8 +2312,9 @@ spec: defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. type: string type: description: "type indicates which kind of seccomp @@ -2098,9 +2330,14 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added - to any container. Note that this field cannot be set - when spec.os.name is windows. + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are not included + in this list. Note that this field cannot be set when + spec.os.name is windows. items: format: int64 type: integer 
@@ -2145,15 +2382,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: @@ -2278,15 +2511,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming pod labels - will be ignored. A null or empty list means only match - against labelSelector. + pod. The same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be set when + LabelSelector isn't set. Keys that don't exist in + the incoming pod labels will be ignored. A null or + empty list means only match against labelSelector. + \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array 
@@ -2349,8 +2586,8 @@ spec: in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -2361,8 +2598,8 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: description: TopologyKey is the key of node labels. @@ -2431,8 +2668,8 @@ spec: description: Prefix specifies a directory inside the bucket/container where the data for this backend will be stored. type: string - secret: - description: Secret specifies the name of the Secret that + secretName: + description: SecretName specifies the name of the Secret that contains the access credential for this storage. type: string storageAccount: 
@@ -2440,28 +2677,6 @@ spec: Storage Account type: string type: object - b2: - description: B2 specifies the storage information for B2 bucket - properties: - bucket: - description: Bucket specifies the name of the bucket that - will be used as storage backend. - type: string - maxConnections: - description: MaxConnections specifies the maximum number of - concurrent connections to use to upload/download data to - this backend. - format: int64 - type: integer - prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. - type: string - secret: - description: Secret specifies the name of the Secret that - contains the access credential for this storage. - type: string - type: object gcs: description: GCS specifies the storage information for GCS bucket properties: @@ -2479,8 +2694,8 @@ spec: description: Prefix specifies a directory inside the bucket/container where the data for this backend will be stored. type: string - secret: - description: Secret specifies the name of the Secret that + secretName: + description: SecretName specifies the name of the Secret that contains the access credential for this storage. type: string type: object @@ -2877,7 +3092,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -3028,11 +3243,11 @@ spec: type: string name: description: 'Name of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' type: string uid: description: 'UID of the referent. More - info: http://kubernetes.io/docs/user-guide/identifiers#uids' + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' type: string required: - apiVersion @@ -3065,9 +3280,12 @@ spec: the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have - the same contents as the DataSourceRef field.' + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the 
@@ -3093,28 +3311,35 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be - any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of the - specified object matches some installed volume - populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, both fields (DataSource and DataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is non-empty. - There are two important differences between - DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves + objects. 
* While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed - value is specified. (Beta) Using this field - requires the AnyVolumeDataSource feature gate - to be enabled.' + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the @@ -3131,11 +3356,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -3168,7 +3403,8 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -3228,6 +3464,28 @@ spec: the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be + used to set the VolumeAttributesClass used by + this claim. If specified, the CSI driver will + create or update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than storageClassName, + it can be changed after the claim is created. + An empty string value means that no VolumeAttributesClass + will be applied to the claim but it''s not allowed + to reset this field to empty string once it + is set. If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller + if it exists. If the resource referred to by + volumeAttributesClass does not exist, this PersistentVolumeClaim + will be set to a Pending state, as reflected + by the modifyVolumeStatus field, until such + as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass + feature gate to be enabled.' + type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem 
@@ -3584,6 +3842,105 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to + access the `.spec.trustBundle` field of ClusterTrustBundle + objects in an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature gate. + \n ClusterTrustBundle objects can either be selected + by name, or by the combination of signer name + and a label selector. \n Kubelet performs aggressive + normalization of the PEM contents written into + the pod filesystem. Esoteric PEM features such + as inter-block comments and block headers are + stripped. Certificates are deduplicated. The + ordering of certificates within the file is arbitrary, + and Kubelet may change the order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles + that match this label selector. Only has + effect if signerName is set. Mutually-exclusive + with name. If unset, interpreted as "match + nothing". If set but empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with signerName + and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) aren't + available. If using name, then the named + ClusterTrustBundle is allowed not to exist. If + using signerName, then the combination of + signerName and labelSelector is allowed to + match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles + that match this signer name. Mutually-exclusive + with name. The contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -4119,18 +4476,6 @@ spec: provider: description: Provider specifies the provider of the storage type: string - rest: - description: Rest specifies the storage information for rest storage - server - properties: - secret: - description: Secret specifies the name of the Secret that - contains the access credential for this storage. - type: string - url: - description: URL specifies the URL of the REST storage server - type: string - type: object s3: description: S3 specifies the storage information for AWS S3 and S3 compatible storage. 
@@ -4151,25 +4496,8 @@ spec: description: Region specifies the region where the bucket is located type: string - secret: - description: Secret specifies the name of the Secret that - contains the access credential for this storage. - type: string - type: object - swift: - description: Swift specifies the storage information for Swift - container - properties: - container: - description: Container specifies the name of the Swift container - that will be used as storage backend. - type: string - prefix: - description: Prefix specifies a directory inside the bucket/container - where the data for this backend will be stored. - type: string - secret: - description: Secret specifies the name of the Secret that + secretName: + description: SecretName specifies the name of the Secret that contains the access credential for this storage. type: string type: object diff --git a/vendor/kubestash.dev/apimachinery/pkg/restic/setup.go b/vendor/kubestash.dev/apimachinery/pkg/restic/setup.go index 8415ef0e..5ea7fc4a 100644 --- a/vendor/kubestash.dev/apimachinery/pkg/restic/setup.go +++ b/vendor/kubestash.dev/apimachinery/pkg/restic/setup.go @@ -377,7 +377,7 @@ func (w *ResticWrapper) setBackupStorageVariables() error { w.config.bucket = s3.Bucket w.config.endpoint = s3.Endpoint w.config.path = s3.Prefix - secret = s3.Secret + secret = s3.SecretName } if gcs := bs.Spec.Storage.GCS; gcs != nil { @@ -385,7 +385,7 @@ func (w *ResticWrapper) setBackupStorageVariables() error { w.config.bucket = gcs.Bucket w.config.path = gcs.Prefix w.config.MaxConnections = gcs.MaxConnections - secret = gcs.Secret + secret = gcs.SecretName } if azure := bs.Spec.Storage.Azure; azure != nil { @@ -394,7 +394,7 @@ func (w *ResticWrapper) setBackupStorageVariables() error { w.config.bucket = azure.Container w.config.path = azure.Prefix w.config.MaxConnections = azure.MaxConnections - secret = azure.Secret + secret = azure.SecretName } if local := bs.Spec.Storage.Local; local != nil { 
diff --git a/vendor/modules.txt b/vendor/modules.txt index 54ec2c7e..e051f9f5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -802,7 +802,7 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# kmodules.xyz/client-go v0.29.4 +# kmodules.xyz/client-go v0.29.6 ## explicit; go 1.21.5 kmodules.xyz/client-go kmodules.xyz/client-go/api/v1 @@ -822,7 +822,7 @@ kmodules.xyz/offshoot-api/api/v1 # kmodules.xyz/prober v0.29.0 ## explicit; go 1.21.5 kmodules.xyz/prober/api/v1 -# kubestash.dev/apimachinery v0.3.1-0.20231231034418-cc46ddfd674a +# kubestash.dev/apimachinery v0.3.1-0.20240111011911-c3c3817fcf7c ## explicit; go 1.21.5 kubestash.dev/apimachinery/apis kubestash.dev/apimachinery/apis/addons/v1alpha1