3436 lines
207 KiB
YAML
3436 lines
207 KiB
YAML
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.4.1
|
|
creationTimestamp: null
|
|
name: jenkins.jenkins.io
|
|
spec:
|
|
group: jenkins.io
|
|
names:
|
|
kind: Jenkins
|
|
listKind: JenkinsList
|
|
plural: jenkins
|
|
singular: jenkins
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Jenkins is the Schema for the jenkins API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: Spec defines the desired state of the Jenkins
|
|
properties:
|
|
backup:
|
|
description: 'Backup defines configuration of Jenkins backup More
|
|
info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/'
|
|
properties:
|
|
action:
|
|
description: Action defines action which performs backup in backup
|
|
container sidecar
|
|
properties:
|
|
exec:
|
|
description: Exec specifies the action to take.
|
|
properties:
|
|
command:
|
|
description: Command is the command line to execute inside
|
|
the container, the working directory for the command is
|
|
root ('/') in the container's filesystem. The command
|
|
is simply exec'd, it is not run inside a shell, so traditional
|
|
shell instructions ('|', etc) won't work. To use a shell,
|
|
you need to explicitly call out to that shell. Exit
|
|
status of 0 is treated as live/healthy and non-zero
|
|
is unhealthy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
containerName:
|
|
description: ContainerName is the container name responsible for
|
|
backup operation
|
|
type: string
|
|
interval:
|
|
description: Interval tells how often make backup in seconds Defaults
|
|
to 30.
|
|
format: int64
|
|
type: integer
|
|
makeBackupBeforePodDeletion:
|
|
description: MakeBackupBeforePodDeletion tells operator to make
|
|
backup before Jenkins master pod deletion
|
|
type: boolean
|
|
required:
|
|
- action
|
|
- containerName
|
|
- interval
|
|
- makeBackupBeforePodDeletion
|
|
type: object
|
|
configurationAsCode:
|
|
description: ConfigurationAsCode defines configuration of Jenkins
|
|
customization via Configuration as Code Jenkins plugin
|
|
properties:
|
|
configurations:
|
|
items:
|
|
description: ConfigMapRef is reference to Kubernetes ConfigMap.
|
|
properties:
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
secret:
|
|
description: SecretRef is reference to Kubernetes secret.
|
|
properties:
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- configurations
|
|
- secret
|
|
type: object
|
|
groovyScripts:
|
|
description: GroovyScripts defines configuration of Jenkins customization
|
|
via groovy scripts
|
|
properties:
|
|
configurations:
|
|
items:
|
|
description: ConfigMapRef is reference to Kubernetes ConfigMap.
|
|
properties:
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
secret:
|
|
description: SecretRef is reference to Kubernetes secret.
|
|
properties:
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- configurations
|
|
- secret
|
|
type: object
|
|
jenkinsAPISettings:
|
|
description: JenkinsAPISettings defines configuration used by the
|
|
operator to gain admin access to the Jenkins API
|
|
properties:
|
|
authorizationStrategy:
|
|
description: AuthorizationStrategy defines authorization strategy
|
|
of the operator for the Jenkins API
|
|
type: string
|
|
required:
|
|
- authorizationStrategy
|
|
type: object
|
|
master:
|
|
description: Master represents Jenkins master pod properties and Jenkins
|
|
plugins. Every single change here requires a pod restart.
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Annotations is an unstructured key value map stored
|
|
with a resource that may be set by external tools to store and
|
|
retrieve arbitrary metadata. They are not queryable and should
|
|
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
|
|
type: object
|
|
basePlugins:
|
|
description: 'BasePlugins contains plugins required by operator
|
|
Defaults to : - name: kubernetes version: "1.31.3" - name:
|
|
workflow-job version: "1145.v7f2433caa07f" - name: workflow-aggregator version:
|
|
"2.6" - name: git version: "4.11.3" - name: job-dsl version:
|
|
"1.78.1" - name: configuration-as-code version: "1346.ve8cfa_3473c94" - name:
|
|
kubernetes-credentials-provider version: "0.20"'
|
|
items:
|
|
description: Plugin defines Jenkins plugin.
|
|
properties:
|
|
downloadURL:
|
|
description: DownloadURL is the custom url from where plugin
|
|
has to be downloaded.
|
|
type: string
|
|
name:
|
|
description: Name is the name of Jenkins plugin
|
|
type: string
|
|
version:
|
|
description: Version is the version of Jenkins plugin
|
|
type: string
|
|
required:
|
|
- name
|
|
- version
|
|
type: object
|
|
type: array
|
|
containers:
|
|
description: 'List of containers belonging to the pod. Containers
|
|
cannot currently be added or removed. There must be at least
|
|
one container in a Pod. Defaults to: - image: jenkins/jenkins:lts imagePullPolicy:
|
|
Always livenessProbe: failureThreshold: 12 httpGet: path:
|
|
/login port: http scheme: HTTP initialDelaySeconds:
|
|
80 periodSeconds: 10 successThreshold: 1 timeoutSeconds:
|
|
5 name: jenkins-master readinessProbe: failureThreshold:
|
|
3 httpGet: path: /login port: http scheme:
|
|
HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold:
|
|
1 timeoutSeconds: 1 resources: limits: cpu:
|
|
1500m memory: 3Gi requests: cpu: "1" memory:
|
|
600Mi'
|
|
items:
|
|
description: Container defines Kubernetes container attributes.
|
|
properties:
|
|
args:
|
|
description: 'Arguments to the entrypoint. The docker image''s
|
|
CMD is used if this is not provided. Variable references
|
|
$(VAR_NAME) are expanded using the container''s environment.
|
|
If a variable cannot be resolved, the reference in the
|
|
input string will be unchanged. The $(VAR_NAME) syntax
|
|
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
|
|
references will never be expanded, regardless of whether
|
|
the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
items:
|
|
type: string
|
|
type: array
|
|
command:
|
|
description: 'Entrypoint array. Not executed within a shell.
|
|
The docker image''s ENTRYPOINT is used if this is not
|
|
provided. Variable references $(VAR_NAME) are expanded
|
|
using the container''s environment. If a variable cannot
|
|
be resolved, the reference in the input string will be
|
|
unchanged. The $(VAR_NAME) syntax can be escaped with
|
|
a double $$, ie: $$(VAR_NAME). Escaped references will
|
|
never be expanded, regardless of whether the variable
|
|
exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
items:
|
|
type: string
|
|
type: array
|
|
env:
|
|
description: List of environment variables to set in the
|
|
container.
|
|
items:
|
|
description: EnvVar represents an environment variable
|
|
present in a Container.
|
|
properties:
|
|
name:
|
|
description: Name of the environment variable. Must
|
|
be a C_IDENTIFIER.
|
|
type: string
|
|
value:
|
|
description: 'Variable references $(VAR_NAME) are
|
|
expanded using the previous defined environment
|
|
variables in the container and any service environment
|
|
variables. If a variable cannot be resolved, the
|
|
reference in the input string will be unchanged.
|
|
The $(VAR_NAME) syntax can be escaped with a double
|
|
$$, ie: $$(VAR_NAME). Escaped references will never
|
|
be expanded, regardless of whether the variable
|
|
exists or not. Defaults to "".'
|
|
type: string
|
|
valueFrom:
|
|
description: Source for the environment variable's
|
|
value. Cannot be used if value is not empty.
|
|
properties:
|
|
configMapKeyRef:
|
|
description: Selects a key of a ConfigMap.
|
|
properties:
|
|
key:
|
|
description: The key to select.
|
|
type: string
|
|
name:
|
|
description: 'Name of the referent. More info:
|
|
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion,
|
|
kind, uid?'
|
|
type: string
|
|
optional:
|
|
description: Specify whether the ConfigMap
|
|
or its key must be defined
|
|
type: boolean
|
|
required:
|
|
- key
|
|
type: object
|
|
fieldRef:
|
|
description: 'Selects a field of the pod: supports
|
|
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
|
|
`metadata.annotations[''<KEY>'']`, spec.nodeName,
|
|
spec.serviceAccountName, status.hostIP, status.podIP,
|
|
status.podIPs.'
|
|
properties:
|
|
apiVersion:
|
|
description: Version of the schema the FieldPath
|
|
is written in terms of, defaults to "v1".
|
|
type: string
|
|
fieldPath:
|
|
description: Path of the field to select in
|
|
the specified API version.
|
|
type: string
|
|
required:
|
|
- fieldPath
|
|
type: object
|
|
resourceFieldRef:
|
|
description: 'Selects a resource of the container:
|
|
only resources limits and requests (limits.cpu,
|
|
limits.memory, limits.ephemeral-storage, requests.cpu,
|
|
requests.memory and requests.ephemeral-storage)
|
|
are currently supported.'
|
|
properties:
|
|
containerName:
|
|
description: 'Container name: required for
|
|
volumes, optional for env vars'
|
|
type: string
|
|
divisor:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Specifies the output format of
|
|
the exposed resources, defaults to "1"
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
resource:
|
|
description: 'Required: resource to select'
|
|
type: string
|
|
required:
|
|
- resource
|
|
type: object
|
|
secretKeyRef:
|
|
description: Selects a key of a secret in the
|
|
pod's namespace
|
|
properties:
|
|
key:
|
|
description: The key of the secret to select
|
|
from. Must be a valid secret key.
|
|
type: string
|
|
name:
|
|
description: 'Name of the referent. More info:
|
|
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion,
|
|
kind, uid?'
|
|
type: string
|
|
optional:
|
|
description: Specify whether the Secret or
|
|
its key must be defined
|
|
type: boolean
|
|
required:
|
|
- key
|
|
type: object
|
|
type: object
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
envFrom:
|
|
description: List of sources to populate environment variables
|
|
in the container. The keys defined within a source must
|
|
be a C_IDENTIFIER. All invalid keys will be reported as
|
|
an event when the container is starting. When a key exists
|
|
in multiple sources, the value associated with the last
|
|
source will take precedence. Values defined by an Env
|
|
with a duplicate key will take precedence.
|
|
items:
|
|
description: EnvFromSource represents the source of a
|
|
set of ConfigMaps
|
|
properties:
|
|
configMapRef:
|
|
description: The ConfigMap to select from
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info:
|
|
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
optional:
|
|
description: Specify whether the ConfigMap must
|
|
be defined
|
|
type: boolean
|
|
type: object
|
|
prefix:
|
|
description: An optional identifier to prepend to
|
|
each key in the ConfigMap. Must be a C_IDENTIFIER.
|
|
type: string
|
|
secretRef:
|
|
description: The Secret to select from
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info:
|
|
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
optional:
|
|
description: Specify whether the Secret must be
|
|
defined
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
type: array
|
|
image:
|
|
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
|
|
type: string
|
|
imagePullPolicy:
|
|
description: Image pull policy. One of Always, Never, IfNotPresent.
|
|
Defaults to Always.
|
|
type: string
|
|
lifecycle:
|
|
description: Actions that the management system should take
|
|
in response to container lifecycle events.
|
|
properties:
|
|
postStart:
|
|
description: 'PostStart is called immediately after
|
|
a container is created. If the handler fails, the
|
|
container is terminated and restarted according to
|
|
its restart policy. Other management of the container
|
|
blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
properties:
|
|
exec:
|
|
description: One and only one of the following should
|
|
be specified. Exec specifies the action to take.
|
|
properties:
|
|
command:
|
|
description: Command is the command line to
|
|
execute inside the container, the working
|
|
directory for the command is root ('/') in
|
|
the container's filesystem. The command is
|
|
simply exec'd, it is not run inside a shell,
|
|
so traditional shell instructions ('|', etc)
|
|
won't work. To use a shell, you need to explicitly
|
|
call out to that shell. Exit status of 0 is
|
|
treated as live/healthy and non-zero is unhealthy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
httpGet:
|
|
description: HTTPGet specifies the http request
|
|
to perform.
|
|
properties:
|
|
host:
|
|
description: Host name to connect to, defaults
|
|
to the pod IP. You probably want to set "Host"
|
|
in httpHeaders instead.
|
|
type: string
|
|
httpHeaders:
|
|
description: Custom headers to set in the request.
|
|
HTTP allows repeated headers.
|
|
items:
|
|
description: HTTPHeader describes a custom
|
|
header to be used in HTTP probes
|
|
properties:
|
|
name:
|
|
description: The header field name
|
|
type: string
|
|
value:
|
|
description: The header field value
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
path:
|
|
description: Path to access on the HTTP server.
|
|
type: string
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Name or number of the port to access
|
|
on the container. Number must be in the range
|
|
1 to 65535. Name must be an IANA_SVC_NAME.
|
|
x-kubernetes-int-or-string: true
|
|
scheme:
|
|
description: Scheme to use for connecting to
|
|
the host. Defaults to HTTP.
|
|
type: string
|
|
required:
|
|
- port
|
|
type: object
|
|
tcpSocket:
|
|
description: 'TCPSocket specifies an action involving
|
|
a TCP port. TCP hooks not yet supported TODO:
|
|
implement a realistic TCP lifecycle hook'
|
|
properties:
|
|
host:
|
|
description: 'Optional: Host name to connect
|
|
to, defaults to the pod IP.'
|
|
type: string
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Number or name of the port to access
|
|
on the container. Number must be in the range
|
|
1 to 65535. Name must be an IANA_SVC_NAME.
|
|
x-kubernetes-int-or-string: true
|
|
required:
|
|
- port
|
|
type: object
|
|
type: object
|
|
preStop:
|
|
description: 'PreStop is called immediately before a
|
|
container is terminated due to an API request or management
|
|
event such as liveness/startup probe failure, preemption,
|
|
resource contention, etc. The handler is not called
|
|
if the container crashes or exits. The reason for
|
|
termination is passed to the handler. The Pod''s termination
|
|
grace period countdown begins before the PreStop hooked
|
|
is executed. Regardless of the outcome of the handler,
|
|
the container will eventually terminate within the
|
|
Pod''s termination grace period. Other management
|
|
of the container blocks until the hook completes or
|
|
until the termination grace period is reached. More
|
|
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
properties:
|
|
exec:
|
|
description: One and only one of the following should
|
|
be specified. Exec specifies the action to take.
|
|
properties:
|
|
command:
|
|
description: Command is the command line to
|
|
execute inside the container, the working
|
|
directory for the command is root ('/') in
|
|
the container's filesystem. The command is
|
|
simply exec'd, it is not run inside a shell,
|
|
so traditional shell instructions ('|', etc)
|
|
won't work. To use a shell, you need to explicitly
|
|
call out to that shell. Exit status of 0 is
|
|
treated as live/healthy and non-zero is unhealthy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
httpGet:
|
|
description: HTTPGet specifies the http request
|
|
to perform.
|
|
properties:
|
|
host:
|
|
description: Host name to connect to, defaults
|
|
to the pod IP. You probably want to set "Host"
|
|
in httpHeaders instead.
|
|
type: string
|
|
httpHeaders:
|
|
description: Custom headers to set in the request.
|
|
HTTP allows repeated headers.
|
|
items:
|
|
description: HTTPHeader describes a custom
|
|
header to be used in HTTP probes
|
|
properties:
|
|
name:
|
|
description: The header field name
|
|
type: string
|
|
value:
|
|
description: The header field value
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
path:
|
|
description: Path to access on the HTTP server.
|
|
type: string
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Name or number of the port to access
|
|
on the container. Number must be in the range
|
|
1 to 65535. Name must be an IANA_SVC_NAME.
|
|
x-kubernetes-int-or-string: true
|
|
scheme:
|
|
description: Scheme to use for connecting to
|
|
the host. Defaults to HTTP.
|
|
type: string
|
|
required:
|
|
- port
|
|
type: object
|
|
tcpSocket:
|
|
description: 'TCPSocket specifies an action involving
|
|
a TCP port. TCP hooks not yet supported TODO:
|
|
implement a realistic TCP lifecycle hook'
|
|
properties:
|
|
host:
|
|
description: 'Optional: Host name to connect
|
|
to, defaults to the pod IP.'
|
|
type: string
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Number or name of the port to access
|
|
on the container. Number must be in the range
|
|
1 to 65535. Name must be an IANA_SVC_NAME.
|
|
x-kubernetes-int-or-string: true
|
|
required:
|
|
- port
|
|
type: object
|
|
type: object
|
|
type: object
|
|
livenessProbe:
|
|
description: Periodic probe of container liveness. Container
|
|
will be restarted if the probe fails.
|
|
properties:
|
|
exec:
|
|
description: One and only one of the following should
|
|
be specified. Exec specifies the action to take.
|
|
properties:
|
|
command:
|
|
description: Command is the command line to execute
|
|
inside the container, the working directory for
|
|
the command is root ('/') in the container's
|
|
filesystem. The command is simply exec'd, it is
|
|
not run inside a shell, so traditional shell instructions
|
|
('|', etc) won't work. To use a shell, you need
|
|
to explicitly call out to that shell. Exit status
|
|
of 0 is treated as live/healthy and non-zero is
|
|
unhealthy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
failureThreshold:
|
|
description: Minimum consecutive failures for the probe
|
|
to be considered failed after having succeeded. Defaults
|
|
to 3. Minimum value is 1.
|
|
format: int32
|
|
type: integer
|
|
httpGet:
|
|
description: HTTPGet specifies the http request to perform.
|
|
properties:
|
|
host:
|
|
description: Host name to connect to, defaults to
|
|
the pod IP. You probably want to set "Host" in
|
|
httpHeaders instead.
|
|
type: string
|
|
httpHeaders:
|
|
description: Custom headers to set in the request.
|
|
HTTP allows repeated headers.
|
|
items:
|
|
description: HTTPHeader describes a custom header
|
|
to be used in HTTP probes
|
|
properties:
|
|
name:
|
|
description: The header field name
|
|
type: string
|
|
value:
|
|
description: The header field value
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
path:
|
|
description: Path to access on the HTTP server.
|
|
type: string
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Name or number of the port to access
|
|
on the container. Number must be in the range
|
|
1 to 65535. Name must be an IANA_SVC_NAME.
|
|
x-kubernetes-int-or-string: true
|
|
scheme:
|
|
description: Scheme to use for connecting to the
|
|
host. Defaults to HTTP.
|
|
type: string
|
|
required:
|
|
- port
|
|
type: object
|
|
initialDelaySeconds:
|
|
description: 'Number of seconds after the container
|
|
has started before liveness probes are initiated.
|
|
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
format: int32
|
|
type: integer
|
|
periodSeconds:
|
|
description: How often (in seconds) to perform the probe.
|
|
Default to 10 seconds. Minimum value is 1.
|
|
format: int32
|
|
type: integer
|
|
successThreshold:
|
|
description: Minimum consecutive successes for the probe
|
|
to be considered successful after having failed. Defaults
|
|
to 1. Must be 1 for liveness and startup. Minimum
|
|
value is 1.
|
|
format: int32
|
|
type: integer
|
|
tcpSocket:
|
|
description: 'TCPSocket specifies an action involving
|
|
a TCP port. TCP hooks not yet supported TODO: implement
|
|
a realistic TCP lifecycle hook'
|
|
properties:
|
|
host:
|
|
description: 'Optional: Host name to connect to,
|
|
defaults to the pod IP.'
|
|
type: string
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Number or name of the port to access
|
|
on the container. Number must be in the range
|
|
1 to 65535. Name must be an IANA_SVC_NAME.
|
|
x-kubernetes-int-or-string: true
|
|
required:
|
|
- port
|
|
type: object
|
|
timeoutSeconds:
|
|
description: 'Number of seconds after which the probe
|
|
times out. Defaults to 1 second. Minimum value is
|
|
1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
name:
|
|
description: Name of the container specified as a DNS_LABEL.
|
|
Each container in a pod must have a unique name (DNS_LABEL).
|
|
type: string
|
|
ports:
|
|
description: List of ports to expose from the container.
|
|
Exposing a port here gives the system additional information
|
|
about the network connections a container uses, but is
|
|
primarily informational. Not specifying a port here DOES
|
|
NOT prevent that port from being exposed. Any port which
|
|
is listening on the default "0.0.0.0" address inside a
|
|
container will be accessible from the network.
|
|
items:
|
|
description: ContainerPort represents a network port in
|
|
a single container.
|
|
properties:
|
|
containerPort:
|
|
description: Number of port to expose on the pod's
|
|
IP address. This must be a valid port number, 0
|
|
< x < 65536.
|
|
format: int32
|
|
type: integer
|
|
hostIP:
|
|
description: What host IP to bind the external port
|
|
to.
|
|
type: string
|
|
hostPort:
|
|
description: Number of port to expose on the host.
|
|
If specified, this must be a valid port number,
|
|
0 < x < 65536. If HostNetwork is specified, this
|
|
must match ContainerPort. Most containers do not
|
|
need this.
|
|
format: int32
|
|
type: integer
|
|
name:
|
|
description: If specified, this must be an IANA_SVC_NAME
|
|
and unique within the pod. Each named port in a
|
|
pod must have a unique name. Name for the port that
|
|
can be referred to by services.
|
|
type: string
|
|
protocol:
|
|
default: TCP
|
|
description: Protocol for port. Must be UDP, TCP,
|
|
or SCTP. Defaults to "TCP".
|
|
type: string
|
|
required:
|
|
- containerPort
|
|
type: object
|
|
type: array
|
|
readinessProbe:
|
|
description: Periodic probe of container service readiness.
|
|
Container will be removed from service endpoints if the
|
|
probe fails.
|
|
properties:
|
|
exec:
|
|
description: One and only one of the following should
|
|
be specified. Exec specifies the action to take.
|
|
properties:
|
|
command:
|
|
description: Command is the command line to execute
|
|
inside the container, the working directory for
|
|
the command is root ('/') in the container's
|
|
filesystem. The command is simply exec'd, it is
|
|
not run inside a shell, so traditional shell instructions
|
|
('|', etc) won't work. To use a shell, you need
|
|
to explicitly call out to that shell. Exit status
|
|
of 0 is treated as live/healthy and non-zero is
|
|
unhealthy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
failureThreshold:
|
|
description: Minimum consecutive failures for the probe
|
|
to be considered failed after having succeeded. Defaults
|
|
to 3. Minimum value is 1.
|
|
format: int32
|
|
type: integer
|
|
httpGet:
|
|
description: HTTPGet specifies the http request to perform.
|
|
properties:
|
|
host:
|
|
description: Host name to connect to, defaults to
|
|
the pod IP. You probably want to set "Host" in
|
|
httpHeaders instead.
|
|
type: string
|
|
httpHeaders:
|
|
description: Custom headers to set in the request.
|
|
HTTP allows repeated headers.
|
|
items:
|
|
description: HTTPHeader describes a custom header
|
|
to be used in HTTP probes
|
|
properties:
|
|
name:
|
|
description: The header field name
|
|
type: string
|
|
value:
|
|
description: The header field value
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
path:
|
|
description: Path to access on the HTTP server.
|
|
type: string
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Name or number of the port to access
|
|
on the container. Number must be in the range
|
|
1 to 65535. Name must be an IANA_SVC_NAME.
|
|
x-kubernetes-int-or-string: true
|
|
scheme:
|
|
description: Scheme to use for connecting to the
|
|
host. Defaults to HTTP.
|
|
type: string
|
|
required:
|
|
- port
|
|
type: object
|
|
initialDelaySeconds:
|
|
description: 'Number of seconds after the container
|
|
has started before liveness probes are initiated.
|
|
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
format: int32
|
|
type: integer
|
|
periodSeconds:
|
|
description: How often (in seconds) to perform the probe.
|
|
Default to 10 seconds. Minimum value is 1.
|
|
format: int32
|
|
type: integer
|
|
successThreshold:
|
|
description: Minimum consecutive successes for the probe
|
|
to be considered successful after having failed. Defaults
|
|
to 1. Must be 1 for liveness and startup. Minimum
|
|
value is 1.
|
|
format: int32
|
|
type: integer
|
|
tcpSocket:
|
|
description: 'TCPSocket specifies an action involving
|
|
a TCP port. TCP hooks not yet supported TODO: implement
|
|
a realistic TCP lifecycle hook'
|
|
properties:
|
|
host:
|
|
description: 'Optional: Host name to connect to,
|
|
defaults to the pod IP.'
|
|
type: string
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Number or name of the port to access
|
|
on the container. Number must be in the range
|
|
1 to 65535. Name must be an IANA_SVC_NAME.
|
|
x-kubernetes-int-or-string: true
|
|
required:
|
|
- port
|
|
type: object
|
|
timeoutSeconds:
|
|
description: 'Number of seconds after which the probe
|
|
times out. Defaults to 1 second. Minimum value is
|
|
1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
resources:
|
|
description: 'Compute Resources required by this container.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
|
properties:
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'Limits describes the maximum amount of
|
|
compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'Requests describes the minimum amount
|
|
of compute resources required. If Requests is omitted
|
|
for a container, it defaults to Limits if that is
|
|
explicitly specified, otherwise to an implementation-defined
|
|
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
|
type: object
|
|
type: object
|
|
securityContext:
|
|
description: 'Security options the pod should run with.
|
|
More info: https://kubernetes.io/docs/concepts/policy/security-context/
|
|
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
|
properties:
|
|
allowPrivilegeEscalation:
|
|
description: 'AllowPrivilegeEscalation controls whether
|
|
a process can gain more privileges than its parent
|
|
process. This bool directly controls if the no_new_privs
|
|
flag will be set on the container process. AllowPrivilegeEscalation
|
|
is true always when the container is: 1) run as Privileged
|
|
2) has CAP_SYS_ADMIN'
|
|
type: boolean
|
|
capabilities:
|
|
description: The capabilities to add/drop when running
|
|
containers. Defaults to the default set of capabilities
|
|
granted by the container runtime.
|
|
properties:
|
|
add:
|
|
description: Added capabilities
|
|
items:
|
|
description: Capability represent POSIX capabilities
|
|
type
|
|
type: string
|
|
type: array
|
|
drop:
|
|
description: Removed capabilities
|
|
items:
|
|
description: Capability represent POSIX capabilities
|
|
type
|
|
type: string
|
|
type: array
|
|
type: object
|
|
privileged:
|
|
description: Run container in privileged mode. Processes
|
|
in privileged containers are essentially equivalent
|
|
to root on the host. Defaults to false.
|
|
type: boolean
|
|
procMount:
|
|
description: procMount denotes the type of proc mount
|
|
to use for the containers. The default is DefaultProcMount
|
|
which uses the container runtime defaults for readonly
|
|
paths and masked paths. This requires the ProcMountType
|
|
feature flag to be enabled.
|
|
type: string
|
|
readOnlyRootFilesystem:
|
|
description: Whether this container has a read-only
|
|
root filesystem. Default is false.
|
|
type: boolean
|
|
runAsGroup:
|
|
description: The GID to run the entrypoint of the container
|
|
process. Uses runtime default if unset. May also be
|
|
set in PodSecurityContext. If set in both SecurityContext
|
|
and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: Indicates that the container must run as
|
|
a non-root user. If true, the Kubelet will validate
|
|
the image at runtime to ensure that it does not run
|
|
as UID 0 (root) and fail to start the container if
|
|
it does. If unset or false, no such validation will
|
|
be performed. May also be set in PodSecurityContext. If
|
|
set in both SecurityContext and PodSecurityContext,
|
|
the value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: The UID to run the entrypoint of the container
|
|
process. Defaults to user specified in image metadata
|
|
if unspecified. May also be set in PodSecurityContext. If
|
|
set in both SecurityContext and PodSecurityContext,
|
|
the value specified in SecurityContext takes precedence.
|
|
format: int64
|
|
type: integer
|
|
seLinuxOptions:
|
|
description: The SELinux context to be applied to the
|
|
container. If unspecified, the container runtime will
|
|
allocate a random SELinux context for each container. May
|
|
also be set in PodSecurityContext. If set in both
|
|
SecurityContext and PodSecurityContext, the value
|
|
specified in SecurityContext takes precedence.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies
|
|
to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies
|
|
to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies
|
|
to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies
|
|
to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: The seccomp options to use by this container.
|
|
If seccomp options are provided at both the pod &
|
|
container level, the container options override the
|
|
pod options.
|
|
properties:
|
|
localhostProfile:
|
|
description: localhostProfile indicates a profile
|
|
defined in a file on the node should be used.
|
|
The profile must be preconfigured on the node
|
|
to work. Must be a descending path, relative to
|
|
the kubelet's configured seccomp profile location.
|
|
Must only be set if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: "type indicates which kind of seccomp
|
|
profile will be applied. Valid options are: \n
|
|
Localhost - a profile defined in a file on the
|
|
node should be used. RuntimeDefault - the container
|
|
runtime default profile should be used. Unconfined
|
|
- no profile should be applied."
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
windowsOptions:
|
|
description: The Windows specific settings applied to
|
|
all containers. If unspecified, the options from the
|
|
PodSecurityContext will be used. If set in both SecurityContext
|
|
and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: GMSACredentialSpec is where the GMSA
|
|
admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
inlines the contents of the GMSA credential spec
|
|
named by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name
|
|
of the GMSA credential spec to use.
|
|
type: string
|
|
runAsUserName:
|
|
description: The UserName in Windows to run the
|
|
entrypoint of the container process. Defaults
|
|
to the user specified in image metadata if unspecified.
|
|
May also be set in PodSecurityContext. If set
|
|
in both SecurityContext and PodSecurityContext,
|
|
the value specified in SecurityContext takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
volumeMounts:
|
|
description: Pod volumes to mount into the container's filesystem.
|
|
items:
|
|
description: VolumeMount describes a mounting of a Volume
|
|
within a container.
|
|
properties:
|
|
mountPath:
|
|
description: Path within the container at which the
|
|
volume should be mounted. Must not contain ':'.
|
|
type: string
|
|
mountPropagation:
|
|
description: mountPropagation determines how mounts
|
|
are propagated from the host to container and the
|
|
other way around. When not set, MountPropagationNone
|
|
is used. This field is beta in 1.10.
|
|
type: string
|
|
name:
|
|
description: This must match the Name of a Volume.
|
|
type: string
|
|
readOnly:
|
|
description: Mounted read-only if true, read-write
|
|
otherwise (false or unspecified). Defaults to false.
|
|
type: boolean
|
|
subPath:
|
|
description: Path within the volume from which the
|
|
container's volume should be mounted. Defaults to
|
|
"" (volume's root).
|
|
type: string
|
|
subPathExpr:
|
|
description: Expanded path within the volume from
|
|
which the container's volume should be mounted.
|
|
Behaves similarly to SubPath but environment variable
|
|
references $(VAR_NAME) are expanded using the container's
|
|
environment. Defaults to "" (volume's root). SubPathExpr
|
|
and SubPath are mutually exclusive.
|
|
type: string
|
|
required:
|
|
- mountPath
|
|
- name
|
|
type: object
|
|
type: array
|
|
workingDir:
|
|
description: Container's working directory. If not specified,
|
|
the container runtime's default will be used, which might
|
|
be configured in the container image.
|
|
type: string
|
|
required:
|
|
- image
|
|
- imagePullPolicy
|
|
- name
|
|
- resources
|
|
type: object
|
|
type: array
|
|
disableCSRFProtection:
|
|
description: DisableCSRFProtection allows you to toggle CSRF Protection
|
|
on Jenkins
|
|
type: boolean
|
|
hostAliases:
|
|
description: HostAliases for Jenkins master pod and SeedJob agent
|
|
items:
|
|
description: HostAlias holds the mapping between IP and hostnames
|
|
that will be injected as an entry in the pod's hosts file.
|
|
properties:
|
|
hostnames:
|
|
description: Hostnames for the above IP address.
|
|
items:
|
|
type: string
|
|
type: array
|
|
ip:
|
|
description: IP address of the host file entry.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
imagePullSecrets:
|
|
description: 'ImagePullSecrets is an optional list of references
|
|
to secrets in the same namespace to use for pulling any of the
|
|
images used by this PodSpec. If specified, these secrets will
|
|
be passed to individual puller implementations for them to use.
|
|
For example, in the case of docker, only DockerConfig type secrets
|
|
are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
|
|
items:
|
|
description: LocalObjectReference contains enough information
|
|
to let you locate the referenced object inside the same namespace.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
|
type: string
|
|
type: object
|
|
type: array
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Map of string keys and values that can be used to
|
|
organize and categorize (scope and select) objects. May match
|
|
selectors of replication controllers and services. More info:
|
|
http://kubernetes.io/docs/user-guide/labels'
|
|
type: object
|
|
nodeSelector:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'NodeSelector is a selector which must be true for
|
|
the pod to fit on a node. Selector which must match a node''s
|
|
labels for the pod to be scheduled on that node. More info:
|
|
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
|
|
type: object
|
|
plugins:
|
|
description: Plugins contains plugins required by user
|
|
items:
|
|
description: Plugin defines Jenkins plugin.
|
|
properties:
|
|
downloadURL:
|
|
description: DownloadURL is the custom url from where plugin
|
|
has to be downloaded.
|
|
type: string
|
|
name:
|
|
description: Name is the name of Jenkins plugin
|
|
type: string
|
|
version:
|
|
description: Version is the version of Jenkins plugin
|
|
type: string
|
|
required:
|
|
- name
|
|
- version
|
|
type: object
|
|
type: array
|
|
priorityClassName:
|
|
description: PriorityClassName for Jenkins master pod
|
|
type: string
|
|
securityContext:
|
|
description: 'SecurityContext that applies to all the containers
|
|
of the Jenkins Master. As per kubernetes specification, it can
|
|
be overridden for each container individually. Defaults to:
|
|
runAsUser: 1000 fsGroup: 1000'
|
|
properties:
|
|
fsGroup:
|
|
description: "A special supplemental group that applies to
|
|
all containers in a pod. Some volume types allow the Kubelet
|
|
to change the ownership of that volume to be owned by the
|
|
pod: \n 1. The owning GID will be the FSGroup 2. The setgid
|
|
bit is set (new files created in the volume will be owned
|
|
by FSGroup) 3. The permission bits are OR'd with rw-rw----
|
|
\n If unset, the Kubelet will not modify the ownership and
|
|
permissions of any volume."
|
|
format: int64
|
|
type: integer
|
|
fsGroupChangePolicy:
|
|
description: 'fsGroupChangePolicy defines behavior of changing
|
|
ownership and permission of the volume before being exposed
|
|
inside Pod. This field will only apply to volume types which
|
|
support fsGroup based ownership(and permissions). It will
|
|
have no effect on ephemeral volume types such as: secret,
|
|
configmaps and emptydir. Valid values are "OnRootMismatch"
|
|
and "Always". If not specified, "Always" is used.'
|
|
type: string
|
|
runAsGroup:
|
|
description: The GID to run the entrypoint of the container
|
|
process. Uses runtime default if unset. May also be set
|
|
in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence for that container.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: Indicates that the container must run as a non-root
|
|
user. If true, the Kubelet will validate the image at runtime
|
|
to ensure that it does not run as UID 0 (root) and fail
|
|
to start the container if it does. If unset or false, no
|
|
such validation will be performed. May also be set in SecurityContext. If
|
|
set in both SecurityContext and PodSecurityContext, the
|
|
value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: The UID to run the entrypoint of the container
|
|
process. Defaults to user specified in image metadata if
|
|
unspecified. May also be set in SecurityContext. If set
|
|
in both SecurityContext and PodSecurityContext, the value
|
|
specified in SecurityContext takes precedence for that container.
|
|
format: int64
|
|
type: integer
|
|
seLinuxOptions:
|
|
description: The SELinux context to be applied to all containers.
|
|
If unspecified, the container runtime will allocate a random
|
|
SELinux context for each container. May also be set in
|
|
SecurityContext. If set in both SecurityContext and PodSecurityContext,
|
|
the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies
|
|
to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies
|
|
to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies
|
|
to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies
|
|
to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: The seccomp options to use by the containers
|
|
in this pod.
|
|
properties:
|
|
localhostProfile:
|
|
description: localhostProfile indicates a profile defined
|
|
in a file on the node should be used. The profile must
|
|
be preconfigured on the node to work. Must be a descending
|
|
path, relative to the kubelet's configured seccomp profile
|
|
location. Must only be set if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: "type indicates which kind of seccomp profile
|
|
will be applied. Valid options are: \n Localhost - a
|
|
profile defined in a file on the node should be used.
|
|
RuntimeDefault - the container runtime default profile
|
|
should be used. Unconfined - no profile should be applied."
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
supplementalGroups:
|
|
description: A list of groups applied to the first process
|
|
run in each container, in addition to the container's primary
|
|
GID. If unspecified, no groups will be added to any container.
|
|
items:
|
|
format: int64
|
|
type: integer
|
|
type: array
|
|
sysctls:
|
|
description: Sysctls hold a list of namespaced sysctls used
|
|
for the pod. Pods with unsupported sysctls (by the container
|
|
runtime) might fail to launch.
|
|
items:
|
|
description: Sysctl defines a kernel parameter to be set
|
|
properties:
|
|
name:
|
|
description: Name of a property to set
|
|
type: string
|
|
value:
|
|
description: Value of a property to set
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
windowsOptions:
|
|
description: The Windows specific settings applied to all
|
|
containers. If unspecified, the options within a container's
|
|
SecurityContext will be used. If set in both SecurityContext
|
|
and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: GMSACredentialSpec is where the GMSA admission
|
|
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
inlines the contents of the GMSA credential spec named
|
|
by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name of the
|
|
GMSA credential spec to use.
|
|
type: string
|
|
runAsUserName:
|
|
description: The UserName in Windows to run the entrypoint
|
|
of the container process. Defaults to the user specified
|
|
in image metadata if unspecified. May also be set in
|
|
PodSecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
tolerations:
|
|
description: If specified, the pod's tolerations.
|
|
items:
|
|
description: The pod this Toleration is attached to tolerates
|
|
any taint that matches the triple <key,value,effect> using
|
|
the matching operator <operator>.
|
|
properties:
|
|
effect:
|
|
description: Effect indicates the taint effect to match.
|
|
Empty means match all taint effects. When specified, allowed
|
|
values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
type: string
|
|
key:
|
|
description: Key is the taint key that the toleration applies
|
|
to. Empty means match all taint keys. If the key is empty,
|
|
operator must be Exists; this combination means to match
|
|
all values and all keys.
|
|
type: string
|
|
operator:
|
|
description: Operator represents a key's relationship to
|
|
the value. Valid operators are Exists and Equal. Defaults
|
|
to Equal. Exists is equivalent to wildcard for value,
|
|
so that a pod can tolerate all taints of a particular
|
|
category.
|
|
type: string
|
|
tolerationSeconds:
|
|
description: TolerationSeconds represents the period of
|
|
time the toleration (which must be of effect NoExecute,
|
|
otherwise this field is ignored) tolerates the taint.
|
|
By default, it is not set, which means tolerate the taint
|
|
forever (do not evict). Zero and negative values will
|
|
be treated as 0 (evict immediately) by the system.
|
|
format: int64
|
|
type: integer
|
|
value:
|
|
description: Value is the taint value the toleration matches
|
|
to. If the operator is Exists, the value should be empty,
|
|
otherwise just a regular string.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
volumes:
|
|
description: 'List of volumes that can be mounted by containers
|
|
belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
|
|
items:
|
|
description: Volume represents a named volume in a pod that
|
|
may be accessed by any container in the pod.
|
|
properties:
|
|
awsElasticBlockStore:
|
|
description: 'AWSElasticBlockStore represents an AWS Disk
|
|
resource that is attached to a kubelet''s host machine
|
|
and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
properties:
|
|
fsType:
|
|
description: 'Filesystem type of the volume that you
|
|
want to mount. Tip: Ensure that the filesystem type
|
|
is supported by the host operating system. Examples:
|
|
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
|
|
TODO: how do we prevent errors in the filesystem from
|
|
compromising the machine'
|
|
type: string
|
|
partition:
|
|
description: 'The partition in the volume that you want
|
|
to mount. If omitted, the default is to mount by volume
|
|
name. Examples: For volume /dev/sda1, you specify
|
|
the partition as "1". Similarly, the volume partition
|
|
for /dev/sda is "0" (or you can leave the property
|
|
empty).'
|
|
format: int32
|
|
type: integer
|
|
readOnly:
|
|
description: 'Specify "true" to force and set the ReadOnly
|
|
property in VolumeMounts to "true". If omitted, the
|
|
default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
type: boolean
|
|
volumeID:
|
|
description: 'Unique ID of the persistent disk resource
|
|
in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
type: string
|
|
required:
|
|
- volumeID
|
|
type: object
|
|
azureDisk:
|
|
description: AzureDisk represents an Azure Data Disk mount
|
|
on the host and bind mount to the pod.
|
|
properties:
|
|
cachingMode:
|
|
description: 'Host Caching mode: None, Read Only, Read
|
|
Write.'
|
|
type: string
|
|
diskName:
|
|
description: The Name of the data disk in the blob storage
|
|
type: string
|
|
diskURI:
|
|
description: The URI the data disk in the blob storage
|
|
type: string
|
|
fsType:
|
|
description: Filesystem type to mount. Must be a filesystem
|
|
type supported by the host operating system. Ex. "ext4",
|
|
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
|
unspecified.
|
|
type: string
|
|
kind:
|
|
description: 'Expected values Shared: multiple blob
|
|
disks per storage account Dedicated: single blob
|
|
disk per storage account Managed: azure managed data
|
|
disk (only in managed availability set). defaults
|
|
to shared'
|
|
type: string
|
|
readOnly:
|
|
description: Defaults to false (read/write). ReadOnly
|
|
here will force the ReadOnly setting in VolumeMounts.
|
|
type: boolean
|
|
required:
|
|
- diskName
|
|
- diskURI
|
|
type: object
|
|
azureFile:
|
|
description: AzureFile represents an Azure File Service
|
|
mount on the host and bind mount to the pod.
|
|
properties:
|
|
readOnly:
|
|
description: Defaults to false (read/write). ReadOnly
|
|
here will force the ReadOnly setting in VolumeMounts.
|
|
type: boolean
|
|
secretName:
|
|
description: the name of secret that contains Azure
|
|
Storage Account Name and Key
|
|
type: string
|
|
shareName:
|
|
description: Share Name
|
|
type: string
|
|
required:
|
|
- secretName
|
|
- shareName
|
|
type: object
|
|
cephfs:
|
|
description: CephFS represents a Ceph FS mount on the host
|
|
that shares a pod's lifetime
|
|
properties:
|
|
monitors:
|
|
description: 'Required: Monitors is a collection of
|
|
Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
items:
|
|
type: string
|
|
type: array
|
|
path:
|
|
description: 'Optional: Used as the mounted root, rather
|
|
than the full Ceph tree, default is /'
|
|
type: string
|
|
readOnly:
|
|
description: 'Optional: Defaults to false (read/write).
|
|
ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
type: boolean
|
|
secretFile:
|
|
description: 'Optional: SecretFile is the path to key
|
|
ring for User, default is /etc/ceph/user.secret More
|
|
info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
type: string
|
|
secretRef:
|
|
description: 'Optional: SecretRef is reference to the
|
|
authentication secret for User, default is empty.
|
|
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
user:
|
|
description: 'Optional: User is the rados user name,
|
|
default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
type: string
|
|
required:
|
|
- monitors
|
|
type: object
|
|
cinder:
|
|
description: 'Cinder represents a cinder volume attached
|
|
and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
properties:
|
|
fsType:
|
|
description: 'Filesystem type to mount. Must be a filesystem
|
|
type supported by the host operating system. Examples:
|
|
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
type: string
|
|
readOnly:
|
|
description: 'Optional: Defaults to false (read/write).
|
|
ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
type: boolean
|
|
secretRef:
|
|
description: 'Optional: points to a secret object containing
|
|
parameters used to connect to OpenStack.'
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
volumeID:
|
|
description: 'volume id used to identify the volume
|
|
in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
type: string
|
|
required:
|
|
- volumeID
|
|
type: object
|
|
configMap:
|
|
description: ConfigMap represents a configMap that should
|
|
populate this volume
|
|
properties:
|
|
defaultMode:
|
|
description: 'Optional: mode bits used to set permissions
|
|
on created files by default. Must be an octal value
|
|
between 0000 and 0777 or a decimal value between 0
|
|
and 511. YAML accepts both octal and decimal values,
|
|
JSON requires decimal values for mode bits. Defaults
|
|
to 0644. Directories within the path are not affected
|
|
by this setting. This might be in conflict with other
|
|
options that affect the file mode, like fsGroup, and
|
|
the result can be other mode bits set.'
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: If unspecified, each key-value pair in
|
|
the Data field of the referenced ConfigMap will be
|
|
projected into the volume as a file whose name is
|
|
the key and content is the value. If specified, the
|
|
listed keys will be projected into the specified paths,
|
|
and unlisted keys will not be present. If a key is
|
|
specified which is not present in the ConfigMap, the
|
|
volume setup will error unless it is marked optional.
|
|
Paths must be relative and may not contain the '..'
|
|
path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a
|
|
volume.
|
|
properties:
|
|
key:
|
|
description: The key to project.
|
|
type: string
|
|
mode:
|
|
description: 'Optional: mode bits used to set
|
|
permissions on this file. Must be an octal value
|
|
between 0000 and 0777 or a decimal value between
|
|
0 and 511. YAML accepts both octal and decimal
|
|
values, JSON requires decimal values for mode
|
|
bits. If not specified, the volume defaultMode
|
|
will be used. This might be in conflict with
|
|
other options that affect the file mode, like
|
|
fsGroup, and the result can be other mode bits
|
|
set.'
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: The relative path of the file to
|
|
map the key to. May not be an absolute path.
|
|
May not contain the path element '..'. May not
|
|
start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
|
type: string
|
|
optional:
|
|
description: Specify whether the ConfigMap or its keys
|
|
must be defined
|
|
type: boolean
|
|
type: object
|
|
csi:
|
|
description: CSI (Container Storage Interface) represents
|
|
ephemeral storage that is handled by certain external
|
|
CSI drivers (Beta feature).
|
|
properties:
|
|
driver:
|
|
description: Driver is the name of the CSI driver that
|
|
handles this volume. Consult with your admin for the
|
|
correct name as registered in the cluster.
|
|
type: string
|
|
fsType:
|
|
description: Filesystem type to mount. Ex. "ext4", "xfs",
|
|
"ntfs". If not provided, the empty value is passed
|
|
to the associated CSI driver which will determine
|
|
the default filesystem to apply.
|
|
type: string
|
|
nodePublishSecretRef:
|
|
description: NodePublishSecretRef is a reference to
|
|
the secret object containing sensitive information
|
|
to pass to the CSI driver to complete the CSI NodePublishVolume
|
|
and NodeUnpublishVolume calls. This field is optional,
|
|
and may be empty if no secret is required. If the
|
|
secret object contains more than one secret, all secret
|
|
references are passed.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
readOnly:
|
|
description: Specifies a read-only configuration for
|
|
the volume. Defaults to false (read/write).
|
|
type: boolean
|
|
volumeAttributes:
|
|
additionalProperties:
|
|
type: string
|
|
description: VolumeAttributes stores driver-specific
|
|
properties that are passed to the CSI driver. Consult
|
|
your driver's documentation for supported values.
|
|
type: object
|
|
required:
|
|
- driver
|
|
type: object
|
|
downwardAPI:
|
|
description: DownwardAPI represents downward API about the
|
|
pod that should populate this volume
|
|
properties:
|
|
defaultMode:
|
|
description: 'Optional: mode bits to use on created
|
|
files by default. Must be a Optional: mode bits used
|
|
to set permissions on created files by default. Must
|
|
be an octal value between 0000 and 0777 or a decimal
|
|
value between 0 and 511. YAML accepts both octal and
|
|
decimal values, JSON requires decimal values for mode
|
|
bits. Defaults to 0644. Directories within the path
|
|
are not affected by this setting. This might be in
|
|
conflict with other options that affect the file mode,
|
|
like fsGroup, and the result can be other mode bits
|
|
set.'
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: Items is a list of downward API volume
|
|
file
|
|
items:
|
|
description: DownwardAPIVolumeFile represents information
|
|
to create the file containing the pod field
|
|
properties:
|
|
fieldRef:
|
|
description: 'Required: Selects a field of the
|
|
pod: only annotations, labels, name and namespace
|
|
are supported.'
|
|
properties:
|
|
apiVersion:
|
|
description: Version of the schema the FieldPath
|
|
is written in terms of, defaults to "v1".
|
|
type: string
|
|
fieldPath:
|
|
description: Path of the field to select in
|
|
the specified API version.
|
|
type: string
|
|
required:
|
|
- fieldPath
|
|
type: object
|
|
mode:
|
|
description: 'Optional: mode bits used to set
|
|
permissions on this file, must be an octal value
|
|
between 0000 and 0777 or a decimal value between
|
|
0 and 511. YAML accepts both octal and decimal
|
|
values, JSON requires decimal values for mode
|
|
bits. If not specified, the volume defaultMode
|
|
will be used. This might be in conflict with
|
|
other options that affect the file mode, like
|
|
fsGroup, and the result can be other mode bits
|
|
set.'
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: 'Required: Path is the relative
|
|
path name of the file to be created. Must not
|
|
be absolute or contain the ''..'' path. Must
|
|
be utf-8 encoded. The first item of the relative
|
|
path must not start with ''..'''
|
|
type: string
|
|
resourceFieldRef:
|
|
description: 'Selects a resource of the container:
|
|
only resources limits and requests (limits.cpu,
|
|
limits.memory, requests.cpu and requests.memory)
|
|
are currently supported.'
|
|
properties:
|
|
containerName:
|
|
description: 'Container name: required for
|
|
volumes, optional for env vars'
|
|
type: string
|
|
divisor:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Specifies the output format of
|
|
the exposed resources, defaults to "1"
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
resource:
|
|
description: 'Required: resource to select'
|
|
type: string
|
|
required:
|
|
- resource
|
|
type: object
|
|
required:
|
|
- path
|
|
type: object
|
|
type: array
|
|
type: object
|
|
emptyDir:
|
|
description: 'EmptyDir represents a temporary directory
|
|
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
|
properties:
|
|
medium:
|
|
description: 'What type of storage medium should back
|
|
this directory. The default is "" which means to use
|
|
the node''s default medium. Must be an empty string
|
|
(default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
|
type: string
|
|
sizeLimit:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: 'Total amount of local storage required
|
|
for this EmptyDir volume. The size limit is also applicable
|
|
for memory medium. The maximum usage on memory medium
|
|
EmptyDir would be the minimum value between the SizeLimit
|
|
specified here and the sum of memory limits of all
|
|
containers in a pod. The default is nil which means
|
|
that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
ephemeral:
|
|
description: "Ephemeral represents a volume that is handled
|
|
by a cluster storage driver (Alpha feature). The volume's
|
|
lifecycle is tied to the pod that defines it - it will
|
|
be created before the pod starts, and deleted when the
|
|
pod is removed. \n Use this if: a) the volume is only
|
|
needed while the pod runs, b) features of normal volumes
|
|
like restoring from snapshot or capacity tracking are
|
|
needed, c) the storage driver is specified through a storage
|
|
class, and d) the storage driver supports dynamic volume
|
|
provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
|
|
for more information on the connection between this
|
|
volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
|
|
or one of the vendor-specific APIs for volumes that persist
|
|
for longer than the lifecycle of an individual pod. \n
|
|
Use CSI for light-weight local ephemeral volumes if the
|
|
CSI driver is meant to be used that way - see the documentation
|
|
of the driver for more information. \n A pod can use both
|
|
types of ephemeral volumes and persistent volumes at the
|
|
same time."
|
|
properties:
|
|
readOnly:
|
|
description: Specifies a read-only configuration for
|
|
the volume. Defaults to false (read/write).
|
|
type: boolean
|
|
volumeClaimTemplate:
|
|
description: "Will be used to create a stand-alone PVC
|
|
to provision the volume. The pod in which this EphemeralVolumeSource
|
|
is embedded will be the owner of the PVC, i.e. the
|
|
PVC will be deleted together with the pod. The name
|
|
of the PVC will be `<pod name>-<volume name>` where
|
|
`<volume name>` is the name from the `PodSpec.Volumes`
|
|
array entry. Pod validation will reject the pod if
|
|
the concatenated name is not valid for a PVC (for
|
|
example, too long). \n An existing PVC with that name
|
|
that is not owned by the pod will *not* be used for
|
|
the pod to avoid using an unrelated volume by mistake.
|
|
Starting the pod is then blocked until the unrelated
|
|
PVC is removed. If such a pre-created PVC is meant
|
|
to be used by the pod, the PVC has to updated with
|
|
an owner reference to the pod once the pod exists.
|
|
Normally this should not be necessary, but it may
|
|
be useful when manually reconstructing a broken cluster.
|
|
\n This field is read-only and no changes will be
|
|
made by Kubernetes to the PVC after it has been created.
|
|
\n Required, must not be nil."
|
|
properties:
|
|
metadata:
|
|
description: May contain labels and annotations
|
|
that will be copied into the PVC when creating
|
|
it. No other fields are allowed and will be rejected
|
|
during validation.
|
|
type: object
|
|
spec:
|
|
description: The specification for the PersistentVolumeClaim.
|
|
The entire content is copied unchanged into the
|
|
PVC that gets created from this template. The
|
|
same fields as in a PersistentVolumeClaim are
|
|
also valid here.
|
|
properties:
|
|
accessModes:
|
|
description: 'AccessModes contains the desired
|
|
access modes the volume should have. More
|
|
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
|
|
items:
|
|
type: string
|
|
type: array
|
|
dataSource:
|
|
description: 'This field can be used to specify
|
|
either: * An existing VolumeSnapshot object
|
|
(snapshot.storage.k8s.io/VolumeSnapshot) *
|
|
An existing PVC (PersistentVolumeClaim) *
|
|
An existing custom resource that implements
|
|
data population (Alpha) In order to use custom
|
|
resource types that implement data population,
|
|
the AnyVolumeDataSource feature gate must
|
|
be enabled. If the provisioner or an external
|
|
controller can support the specified data
|
|
source, it will create a new volume based
|
|
on the contents of the specified data source.'
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup is the group for the
|
|
resource being referenced. If APIGroup
|
|
is not specified, the specified Kind must
|
|
be in the core API group. For any other
|
|
third-party types, APIGroup is required.
|
|
type: string
|
|
kind:
|
|
description: Kind is the type of resource
|
|
being referenced
|
|
type: string
|
|
name:
|
|
description: Name is the name of resource
|
|
being referenced
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
resources:
|
|
description: 'Resources represents the minimum
|
|
resources the volume should have. More info:
|
|
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
|
properties:
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'Limits describes the maximum
|
|
amount of compute resources allowed. More
|
|
info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'Requests describes the minimum
|
|
amount of compute resources required.
|
|
If Requests is omitted for a container,
|
|
it defaults to Limits if that is explicitly
|
|
specified, otherwise to an implementation-defined
|
|
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
|
type: object
|
|
type: object
|
|
selector:
|
|
description: A label query over volumes to consider
|
|
for binding.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
storageClassName:
|
|
description: 'Name of the StorageClass required
|
|
by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
|
|
type: string
|
|
volumeMode:
|
|
description: volumeMode defines what type of
|
|
volume is required by the claim. Value of
|
|
Filesystem is implied when not included in
|
|
claim spec.
|
|
type: string
|
|
volumeName:
|
|
description: VolumeName is the binding reference
|
|
to the PersistentVolume backing this claim.
|
|
type: string
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
type: object
|
|
fc:
|
|
description: FC represents a Fibre Channel resource that
|
|
is attached to a kubelet's host machine and then exposed
|
|
to the pod.
|
|
properties:
|
|
fsType:
|
|
description: 'Filesystem type to mount. Must be a filesystem
|
|
type supported by the host operating system. Ex. "ext4",
|
|
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
|
unspecified. TODO: how do we prevent errors in the
|
|
filesystem from compromising the machine'
|
|
type: string
|
|
lun:
|
|
description: 'Optional: FC target lun number'
|
|
format: int32
|
|
type: integer
|
|
readOnly:
|
|
description: 'Optional: Defaults to false (read/write).
|
|
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
|
|
type: boolean
|
|
targetWWNs:
|
|
description: 'Optional: FC target worldwide names (WWNs)'
|
|
items:
|
|
type: string
|
|
type: array
|
|
wwids:
|
|
description: 'Optional: FC volume world wide identifiers
|
|
(wwids) Either wwids or combination of targetWWNs
|
|
and lun must be set, but not both simultaneously.'
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
flexVolume:
|
|
description: FlexVolume represents a generic volume resource
|
|
that is provisioned/attached using an exec based plugin.
|
|
properties:
|
|
driver:
|
|
description: Driver is the name of the driver to use
|
|
for this volume.
|
|
type: string
|
|
fsType:
|
|
description: Filesystem type to mount. Must be a filesystem
|
|
type supported by the host operating system. Ex. "ext4",
|
|
"xfs", "ntfs". The default filesystem depends on FlexVolume
|
|
script.
|
|
type: string
|
|
options:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Optional: Extra command options if any.'
|
|
type: object
|
|
readOnly:
|
|
description: 'Optional: Defaults to false (read/write).
|
|
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
|
|
type: boolean
|
|
secretRef:
|
|
description: 'Optional: SecretRef is reference to the
|
|
secret object containing sensitive information to
|
|
pass to the plugin scripts. This may be empty if no
|
|
secret object is specified. If the secret object contains
|
|
more than one secret, all secrets are passed to the
|
|
plugin scripts.'
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
required:
|
|
- driver
|
|
type: object
|
|
flocker:
|
|
description: Flocker represents a Flocker volume attached
|
|
to a kubelet's host machine. This depends on the Flocker
|
|
control service being running
|
|
properties:
|
|
datasetName:
|
|
description: Name of the dataset stored as metadata
|
|
-> name on the dataset for Flocker should be considered
|
|
as deprecated
|
|
type: string
|
|
datasetUUID:
|
|
description: UUID of the dataset. This is unique identifier
|
|
of a Flocker dataset
|
|
type: string
|
|
type: object
|
|
gcePersistentDisk:
|
|
description: 'GCEPersistentDisk represents a GCE Disk resource
|
|
that is attached to a kubelet''s host machine and then
|
|
exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
properties:
|
|
fsType:
|
|
description: 'Filesystem type of the volume that you
|
|
want to mount. Tip: Ensure that the filesystem type
|
|
is supported by the host operating system. Examples:
|
|
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
|
|
TODO: how do we prevent errors in the filesystem from
|
|
compromising the machine'
|
|
type: string
|
|
partition:
|
|
description: 'The partition in the volume that you want
|
|
to mount. If omitted, the default is to mount by volume
|
|
name. Examples: For volume /dev/sda1, you specify
|
|
the partition as "1". Similarly, the volume partition
|
|
for /dev/sda is "0" (or you can leave the property
|
|
empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
format: int32
|
|
type: integer
|
|
pdName:
|
|
description: 'Unique name of the PD resource in GCE.
|
|
Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
type: string
|
|
readOnly:
|
|
description: 'ReadOnly here will force the ReadOnly
|
|
setting in VolumeMounts. Defaults to false. More info:
|
|
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
type: boolean
|
|
required:
|
|
- pdName
|
|
type: object
|
|
gitRepo:
|
|
description: 'GitRepo represents a git repository at a particular
|
|
revision. DEPRECATED: GitRepo is deprecated. To provision
|
|
a container with a git repo, mount an EmptyDir into an
|
|
InitContainer that clones the repo using git, then mount
|
|
the EmptyDir into the Pod''s container.'
|
|
properties:
|
|
directory:
|
|
description: Target directory name. Must not contain
|
|
or start with '..'. If '.' is supplied, the volume
|
|
directory will be the git repository. Otherwise,
|
|
if specified, the volume will contain the git repository
|
|
in the subdirectory with the given name.
|
|
type: string
|
|
repository:
|
|
description: Repository URL
|
|
type: string
|
|
revision:
|
|
description: Commit hash for the specified revision.
|
|
type: string
|
|
required:
|
|
- repository
|
|
type: object
|
|
glusterfs:
|
|
description: 'Glusterfs represents a Glusterfs mount on
|
|
the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
|
|
properties:
|
|
endpoints:
|
|
description: 'EndpointsName is the endpoint name that
|
|
details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
type: string
|
|
path:
|
|
description: 'Path is the Glusterfs volume path. More
|
|
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
type: string
|
|
readOnly:
|
|
description: 'ReadOnly here will force the Glusterfs
|
|
volume to be mounted with read-only permissions. Defaults
|
|
to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
type: boolean
|
|
required:
|
|
- endpoints
|
|
- path
|
|
type: object
|
|
hostPath:
|
|
description: 'HostPath represents a pre-existing file or
|
|
directory on the host machine that is directly exposed
|
|
to the container. This is generally used for system agents
|
|
or other privileged things that are allowed to see the
|
|
host machine. Most containers will NOT need this. More
|
|
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
|
|
--- TODO(jonesdl) We need to restrict who can use host
|
|
directory mounts and who can/can not mount host directories
|
|
as read/write.'
|
|
properties:
|
|
path:
|
|
description: 'Path of the directory on the host. If
|
|
the path is a symlink, it will follow the link to
|
|
the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
|
|
type: string
|
|
type:
|
|
description: 'Type for HostPath Volume Defaults to ""
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
|
|
type: string
|
|
required:
|
|
- path
|
|
type: object
|
|
iscsi:
|
|
description: 'ISCSI represents an ISCSI Disk resource that
|
|
is attached to a kubelet''s host machine and then exposed
|
|
to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
|
|
properties:
|
|
chapAuthDiscovery:
|
|
description: whether support iSCSI Discovery CHAP authentication
|
|
type: boolean
|
|
chapAuthSession:
|
|
description: whether support iSCSI Session CHAP authentication
|
|
type: boolean
|
|
fsType:
|
|
description: 'Filesystem type of the volume that you
|
|
want to mount. Tip: Ensure that the filesystem type
|
|
is supported by the host operating system. Examples:
|
|
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
|
|
TODO: how do we prevent errors in the filesystem from
|
|
compromising the machine'
|
|
type: string
|
|
initiatorName:
|
|
description: Custom iSCSI Initiator Name. If initiatorName
|
|
is specified with iscsiInterface simultaneously, new
|
|
iSCSI interface <target portal>:<volume name> will
|
|
be created for the connection.
|
|
type: string
|
|
iqn:
|
|
description: Target iSCSI Qualified Name.
|
|
type: string
|
|
iscsiInterface:
|
|
description: iSCSI Interface Name that uses an iSCSI
|
|
transport. Defaults to 'default' (tcp).
|
|
type: string
|
|
lun:
|
|
description: iSCSI Target Lun number.
|
|
format: int32
|
|
type: integer
|
|
portals:
|
|
description: iSCSI Target Portal List. The portal is
|
|
either an IP or ip_addr:port if the port is other
|
|
than default (typically TCP ports 860 and 3260).
|
|
items:
|
|
type: string
|
|
type: array
|
|
readOnly:
|
|
description: ReadOnly here will force the ReadOnly setting
|
|
in VolumeMounts. Defaults to false.
|
|
type: boolean
|
|
secretRef:
|
|
description: CHAP Secret for iSCSI target and initiator
|
|
authentication
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
targetPortal:
|
|
description: iSCSI Target Portal. The Portal is either
|
|
an IP or ip_addr:port if the port is other than default
|
|
(typically TCP ports 860 and 3260).
|
|
type: string
|
|
required:
|
|
- iqn
|
|
- lun
|
|
- targetPortal
|
|
type: object
|
|
name:
|
|
description: 'Volume''s name. Must be a DNS_LABEL and unique
|
|
within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
|
type: string
|
|
nfs:
|
|
description: 'NFS represents an NFS mount on the host that
|
|
shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
properties:
|
|
path:
|
|
description: 'Path that is exported by the NFS server.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
type: string
|
|
readOnly:
|
|
description: 'ReadOnly here will force the NFS export
|
|
to be mounted with read-only permissions. Defaults
|
|
to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
type: boolean
|
|
server:
|
|
description: 'Server is the hostname or IP address of
|
|
the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
type: string
|
|
required:
|
|
- path
|
|
- server
|
|
type: object
|
|
persistentVolumeClaim:
|
|
description: 'PersistentVolumeClaimVolumeSource represents
|
|
a reference to a PersistentVolumeClaim in the same namespace.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
|
|
properties:
|
|
claimName:
|
|
description: 'ClaimName is the name of a PersistentVolumeClaim
|
|
in the same namespace as the pod using this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
|
|
type: string
|
|
readOnly:
|
|
description: Will force the ReadOnly setting in VolumeMounts.
|
|
Default false.
|
|
type: boolean
|
|
required:
|
|
- claimName
|
|
type: object
|
|
photonPersistentDisk:
|
|
description: PhotonPersistentDisk represents a PhotonController
|
|
persistent disk attached and mounted on kubelets host
|
|
machine
|
|
properties:
|
|
fsType:
|
|
description: Filesystem type to mount. Must be a filesystem
|
|
type supported by the host operating system. Ex. "ext4",
|
|
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
|
unspecified.
|
|
type: string
|
|
pdID:
|
|
description: ID that identifies Photon Controller persistent
|
|
disk
|
|
type: string
|
|
required:
|
|
- pdID
|
|
type: object
|
|
portworxVolume:
|
|
description: PortworxVolume represents a portworx volume
|
|
attached and mounted on kubelets host machine
|
|
properties:
|
|
fsType:
|
|
description: FSType represents the filesystem type to
|
|
mount Must be a filesystem type supported by the host
|
|
operating system. Ex. "ext4", "xfs". Implicitly inferred
|
|
to be "ext4" if unspecified.
|
|
type: string
|
|
readOnly:
|
|
description: Defaults to false (read/write). ReadOnly
|
|
here will force the ReadOnly setting in VolumeMounts.
|
|
type: boolean
|
|
volumeID:
|
|
description: VolumeID uniquely identifies a Portworx
|
|
volume
|
|
type: string
|
|
required:
|
|
- volumeID
|
|
type: object
|
|
projected:
|
|
description: Items for all in one resources secrets, configmaps,
|
|
and downward API
|
|
properties:
|
|
defaultMode:
|
|
description: Mode bits used to set permissions on created
|
|
files by default. Must be an octal value between 0000
|
|
and 0777 or a decimal value between 0 and 511. YAML
|
|
accepts both octal and decimal values, JSON requires
|
|
decimal values for mode bits. Directories within the
|
|
path are not affected by this setting. This might
|
|
be in conflict with other options that affect the
|
|
file mode, like fsGroup, and the result can be other
|
|
mode bits set.
|
|
format: int32
|
|
type: integer
|
|
sources:
|
|
description: list of volume projections
|
|
items:
|
|
description: Projection that may be projected along
|
|
with other supported volume types
|
|
properties:
|
|
configMap:
|
|
description: information about the configMap data
|
|
to project
|
|
properties:
|
|
items:
|
|
description: If unspecified, each key-value
|
|
pair in the Data field of the referenced
|
|
ConfigMap will be projected into the volume
|
|
as a file whose name is the key and content
|
|
is the value. If specified, the listed keys
|
|
will be projected into the specified paths,
|
|
and unlisted keys will not be present. If
|
|
a key is specified which is not present
|
|
in the ConfigMap, the volume setup will
|
|
error unless it is marked optional. Paths
|
|
must be relative and may not contain the
|
|
'..' path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path
|
|
within a volume.
|
|
properties:
|
|
key:
|
|
description: The key to project.
|
|
type: string
|
|
mode:
|
|
description: 'Optional: mode bits used
|
|
to set permissions on this file. Must
|
|
be an octal value between 0000 and
|
|
0777 or a decimal value between 0
|
|
and 511. YAML accepts both octal and
|
|
decimal values, JSON requires decimal
|
|
values for mode bits. If not specified,
|
|
the volume defaultMode will be used.
|
|
This might be in conflict with other
|
|
options that affect the file mode,
|
|
like fsGroup, and the result can be
|
|
other mode bits set.'
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: The relative path of the
|
|
file to map the key to. May not be
|
|
an absolute path. May not contain
|
|
the path element '..'. May not start
|
|
with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
name:
|
|
description: 'Name of the referent. More info:
|
|
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion,
|
|
kind, uid?'
|
|
type: string
|
|
optional:
|
|
description: Specify whether the ConfigMap
|
|
or its keys must be defined
|
|
type: boolean
|
|
type: object
|
|
downwardAPI:
|
|
description: information about the downwardAPI
|
|
data to project
|
|
properties:
|
|
items:
|
|
description: Items is a list of DownwardAPIVolume
|
|
file
|
|
items:
|
|
description: DownwardAPIVolumeFile represents
|
|
information to create the file containing
|
|
the pod field
|
|
properties:
|
|
fieldRef:
|
|
description: 'Required: Selects a field
|
|
of the pod: only annotations, labels,
|
|
name and namespace are supported.'
|
|
properties:
|
|
apiVersion:
|
|
description: Version of the schema
|
|
the FieldPath is written in terms
|
|
of, defaults to "v1".
|
|
type: string
|
|
fieldPath:
|
|
description: Path of the field to
|
|
select in the specified API version.
|
|
type: string
|
|
required:
|
|
- fieldPath
|
|
type: object
|
|
mode:
|
|
description: 'Optional: mode bits used
|
|
to set permissions on this file, must
|
|
be an octal value between 0000 and
|
|
0777 or a decimal value between 0
|
|
and 511. YAML accepts both octal and
|
|
decimal values, JSON requires decimal
|
|
values for mode bits. If not specified,
|
|
the volume defaultMode will be used.
|
|
This might be in conflict with other
|
|
options that affect the file mode,
|
|
like fsGroup, and the result can be
|
|
other mode bits set.'
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: 'Required: Path is the
|
|
relative path name of the file to
|
|
be created. Must not be absolute or
|
|
contain the ''..'' path. Must be utf-8
|
|
encoded. The first item of the relative
|
|
path must not start with ''..'''
|
|
type: string
|
|
resourceFieldRef:
|
|
description: 'Selects a resource of
|
|
the container: only resources limits
|
|
and requests (limits.cpu, limits.memory,
|
|
requests.cpu and requests.memory)
|
|
are currently supported.'
|
|
properties:
|
|
containerName:
|
|
description: 'Container name: required
|
|
for volumes, optional for env
|
|
vars'
|
|
type: string
|
|
divisor:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Specifies the output
|
|
format of the exposed resources,
|
|
defaults to "1"
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
resource:
|
|
description: 'Required: resource
|
|
to select'
|
|
type: string
|
|
required:
|
|
- resource
|
|
type: object
|
|
required:
|
|
- path
|
|
type: object
|
|
type: array
|
|
type: object
|
|
secret:
|
|
description: information about the secret data
|
|
to project
|
|
properties:
|
|
items:
|
|
description: If unspecified, each key-value
|
|
pair in the Data field of the referenced
|
|
Secret will be projected into the volume
|
|
as a file whose name is the key and content
|
|
is the value. If specified, the listed keys
|
|
will be projected into the specified paths,
|
|
and unlisted keys will not be present. If
|
|
a key is specified which is not present
|
|
in the Secret, the volume setup will error
|
|
unless it is marked optional. Paths must
|
|
be relative and may not contain the '..'
|
|
path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path
|
|
within a volume.
|
|
properties:
|
|
key:
|
|
description: The key to project.
|
|
type: string
|
|
mode:
|
|
description: 'Optional: mode bits used
|
|
to set permissions on this file. Must
|
|
be an octal value between 0000 and
|
|
0777 or a decimal value between 0
|
|
and 511. YAML accepts both octal and
|
|
decimal values, JSON requires decimal
|
|
values for mode bits. If not specified,
|
|
the volume defaultMode will be used.
|
|
This might be in conflict with other
|
|
options that affect the file mode,
|
|
like fsGroup, and the result can be
|
|
other mode bits set.'
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: The relative path of the
|
|
file to map the key to. May not be
|
|
an absolute path. May not contain
|
|
the path element '..'. May not start
|
|
with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
name:
|
|
description: 'Name of the referent. More info:
|
|
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion,
|
|
kind, uid?'
|
|
type: string
|
|
optional:
|
|
description: Specify whether the Secret or
|
|
its key must be defined
|
|
type: boolean
|
|
type: object
|
|
serviceAccountToken:
|
|
description: information about the serviceAccountToken
|
|
data to project
|
|
properties:
|
|
audience:
|
|
description: Audience is the intended audience
|
|
of the token. A recipient of a token must
|
|
identify itself with an identifier specified
|
|
in the audience of the token, and otherwise
|
|
should reject the token. The audience defaults
|
|
to the identifier of the apiserver.
|
|
type: string
|
|
expirationSeconds:
|
|
description: ExpirationSeconds is the requested
|
|
duration of validity of the service account
|
|
token. As the token approaches expiration,
|
|
the kubelet volume plugin will proactively
|
|
rotate the service account token. The kubelet
|
|
will start trying to rotate the token if
|
|
the token is older than 80 percent of its
|
|
time to live or if the token is older than
|
|
24 hours.Defaults to 1 hour and must be
|
|
at least 10 minutes.
|
|
format: int64
|
|
type: integer
|
|
path:
|
|
description: Path is the path relative to
|
|
the mount point of the file to project the
|
|
token into.
|
|
type: string
|
|
required:
|
|
- path
|
|
type: object
|
|
type: object
|
|
type: array
|
|
type: object
|
|
quobyte:
|
|
description: Quobyte represents a Quobyte mount on the host
|
|
that shares a pod's lifetime
|
|
properties:
|
|
group:
|
|
description: Group to map volume access to Default is
|
|
no group
|
|
type: string
|
|
readOnly:
|
|
description: ReadOnly here will force the Quobyte volume
|
|
to be mounted with read-only permissions. Defaults
|
|
to false.
|
|
type: boolean
|
|
registry:
|
|
description: Registry represents a single or multiple
|
|
Quobyte Registry services specified as a string as
|
|
host:port pair (multiple entries are separated with
|
|
commas) which acts as the central registry for volumes
|
|
type: string
|
|
tenant:
|
|
description: Tenant owning the given Quobyte volume
|
|
in the Backend Used with dynamically provisioned Quobyte
|
|
volumes, value is set by the plugin
|
|
type: string
|
|
user:
|
|
description: User to map volume access to Defaults to
|
|
serivceaccount user
|
|
type: string
|
|
volume:
|
|
description: Volume is a string that references an already
|
|
created Quobyte volume by name.
|
|
type: string
|
|
required:
|
|
- registry
|
|
- volume
|
|
type: object
|
|
rbd:
|
|
description: 'RBD represents a Rados Block Device mount
|
|
on the host that shares a pod''s lifetime. More info:
|
|
https://examples.k8s.io/volumes/rbd/README.md'
|
|
properties:
|
|
fsType:
|
|
description: 'Filesystem type of the volume that you
|
|
want to mount. Tip: Ensure that the filesystem type
|
|
is supported by the host operating system. Examples:
|
|
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
|
|
TODO: how do we prevent errors in the filesystem from
|
|
compromising the machine'
|
|
type: string
|
|
image:
|
|
description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
type: string
|
|
keyring:
|
|
description: 'Keyring is the path to key ring for RBDUser.
|
|
Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
type: string
|
|
monitors:
|
|
description: 'A collection of Ceph monitors. More info:
|
|
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
items:
|
|
type: string
|
|
type: array
|
|
pool:
|
|
description: 'The rados pool name. Default is rbd. More
|
|
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
type: string
|
|
readOnly:
|
|
description: 'ReadOnly here will force the ReadOnly
|
|
setting in VolumeMounts. Defaults to false. More info:
|
|
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
type: boolean
|
|
secretRef:
|
|
description: 'SecretRef is name of the authentication
|
|
secret for RBDUser. If provided overrides keyring.
|
|
Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
user:
|
|
description: 'The rados user name. Default is admin.
|
|
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
type: string
|
|
required:
|
|
- image
|
|
- monitors
|
|
type: object
|
|
scaleIO:
|
|
description: ScaleIO represents a ScaleIO persistent volume
|
|
attached and mounted on Kubernetes nodes.
|
|
properties:
|
|
fsType:
|
|
description: Filesystem type to mount. Must be a filesystem
|
|
type supported by the host operating system. Ex. "ext4",
|
|
"xfs", "ntfs". Default is "xfs".
|
|
type: string
|
|
gateway:
|
|
description: The host address of the ScaleIO API Gateway.
|
|
type: string
|
|
protectionDomain:
|
|
description: The name of the ScaleIO Protection Domain
|
|
for the configured storage.
|
|
type: string
|
|
readOnly:
|
|
description: Defaults to false (read/write). ReadOnly
|
|
here will force the ReadOnly setting in VolumeMounts.
|
|
type: boolean
|
|
secretRef:
|
|
description: SecretRef references to the secret for
|
|
ScaleIO user and other sensitive information. If this
|
|
is not provided, Login operation will fail.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
sslEnabled:
|
|
description: Flag to enable/disable SSL communication
|
|
with Gateway, default false
|
|
type: boolean
|
|
storageMode:
|
|
description: Indicates whether the storage for a volume
|
|
should be ThickProvisioned or ThinProvisioned. Default
|
|
is ThinProvisioned.
|
|
type: string
|
|
storagePool:
|
|
description: The ScaleIO Storage Pool associated with
|
|
the protection domain.
|
|
type: string
|
|
system:
|
|
description: The name of the storage system as configured
|
|
in ScaleIO.
|
|
type: string
|
|
volumeName:
|
|
description: The name of a volume already created in
|
|
the ScaleIO system that is associated with this volume
|
|
source.
|
|
type: string
|
|
required:
|
|
- gateway
|
|
- secretRef
|
|
- system
|
|
type: object
|
|
secret:
|
|
description: 'Secret represents a secret that should populate
|
|
this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
|
|
properties:
|
|
defaultMode:
|
|
description: 'Optional: mode bits used to set permissions
|
|
on created files by default. Must be an octal value
|
|
between 0000 and 0777 or a decimal value between 0
|
|
and 511. YAML accepts both octal and decimal values,
|
|
JSON requires decimal values for mode bits. Defaults
|
|
to 0644. Directories within the path are not affected
|
|
by this setting. This might be in conflict with other
|
|
options that affect the file mode, like fsGroup, and
|
|
the result can be other mode bits set.'
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: If unspecified, each key-value pair in
|
|
the Data field of the referenced Secret will be projected
|
|
into the volume as a file whose name is the key and
|
|
content is the value. If specified, the listed keys
|
|
will be projected into the specified paths, and unlisted
|
|
keys will not be present. If a key is specified which
|
|
is not present in the Secret, the volume setup will
|
|
error unless it is marked optional. Paths must be
|
|
relative and may not contain the '..' path or start
|
|
with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a
|
|
volume.
|
|
properties:
|
|
key:
|
|
description: The key to project.
|
|
type: string
|
|
mode:
|
|
description: 'Optional: mode bits used to set
|
|
permissions on this file. Must be an octal value
|
|
between 0000 and 0777 or a decimal value between
|
|
0 and 511. YAML accepts both octal and decimal
|
|
values, JSON requires decimal values for mode
|
|
bits. If not specified, the volume defaultMode
|
|
will be used. This might be in conflict with
|
|
other options that affect the file mode, like
|
|
fsGroup, and the result can be other mode bits
|
|
set.'
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: The relative path of the file to
|
|
map the key to. May not be an absolute path.
|
|
May not contain the path element '..'. May not
|
|
start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
optional:
|
|
description: Specify whether the Secret or its keys
|
|
must be defined
|
|
type: boolean
|
|
secretName:
|
|
description: 'Name of the secret in the pod''s namespace
|
|
to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
|
|
type: string
|
|
type: object
|
|
storageos:
|
|
description: StorageOS represents a StorageOS volume attached
|
|
and mounted on Kubernetes nodes.
|
|
properties:
|
|
fsType:
|
|
description: Filesystem type to mount. Must be a filesystem
|
|
type supported by the host operating system. Ex. "ext4",
|
|
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
|
unspecified.
|
|
type: string
|
|
readOnly:
|
|
description: Defaults to false (read/write). ReadOnly
|
|
here will force the ReadOnly setting in VolumeMounts.
|
|
type: boolean
|
|
secretRef:
|
|
description: SecretRef specifies the secret to use for
|
|
obtaining the StorageOS API credentials. If not specified,
|
|
default values will be attempted.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
volumeName:
|
|
description: VolumeName is the human-readable name of
|
|
the StorageOS volume. Volume names are only unique
|
|
within a namespace.
|
|
type: string
|
|
volumeNamespace:
|
|
description: VolumeNamespace specifies the scope of
|
|
the volume within StorageOS. If no namespace is specified
|
|
then the Pod's namespace will be used. This allows
|
|
the Kubernetes name scoping to be mirrored within
|
|
StorageOS for tighter integration. Set VolumeName
|
|
to any name to override the default behaviour. Set
|
|
to "default" if you are not using namespaces within
|
|
StorageOS. Namespaces that do not pre-exist within
|
|
StorageOS will be created.
|
|
type: string
|
|
type: object
|
|
vsphereVolume:
|
|
description: VsphereVolume represents a vSphere volume attached
|
|
and mounted on kubelets host machine
|
|
properties:
|
|
fsType:
|
|
description: Filesystem type to mount. Must be a filesystem
|
|
type supported by the host operating system. Ex. "ext4",
|
|
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
|
unspecified.
|
|
type: string
|
|
storagePolicyID:
|
|
description: Storage Policy Based Management (SPBM)
|
|
profile ID associated with the StoragePolicyName.
|
|
type: string
|
|
storagePolicyName:
|
|
description: Storage Policy Based Management (SPBM)
|
|
profile name.
|
|
type: string
|
|
volumePath:
|
|
description: Path that identifies vSphere volume vmdk
|
|
type: string
|
|
required:
|
|
- volumePath
|
|
type: object
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
required:
|
|
- disableCSRFProtection
|
|
type: object
|
|
notifications:
|
|
description: Notifications defines list of a services which are used
|
|
to inform about Jenkins status Can be used to integrate chat services
|
|
like Slack, Microsoft Teams or Mailgun
|
|
items:
|
|
description: Notification is a service configuration used to send
|
|
notifications about Jenkins status.
|
|
properties:
|
|
level:
|
|
description: NotificationLevel defines the level of a Notification.
|
|
type: string
|
|
mailgun:
|
|
description: Mailgun is handler for Mailgun email service notification
|
|
channel.
|
|
properties:
|
|
apiKeySecretKeySelector:
|
|
description: SecretKeySelector selects a key of a Secret.
|
|
properties:
|
|
key:
|
|
description: The key of the secret to select from. Must
|
|
be a valid secret key.
|
|
type: string
|
|
secret:
|
|
description: The name of the secret in the pod's namespace
|
|
to select from.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
required:
|
|
- key
|
|
- secret
|
|
type: object
|
|
domain:
|
|
type: string
|
|
from:
|
|
type: string
|
|
recipient:
|
|
type: string
|
|
required:
|
|
- apiKeySecretKeySelector
|
|
- domain
|
|
- from
|
|
- recipient
|
|
type: object
|
|
name:
|
|
type: string
|
|
slack:
|
|
description: Slack is handler for Slack notification channel.
|
|
properties:
|
|
webHookURLSecretKeySelector:
|
|
description: The web hook URL to Slack App
|
|
properties:
|
|
key:
|
|
description: The key of the secret to select from. Must
|
|
be a valid secret key.
|
|
type: string
|
|
secret:
|
|
description: The name of the secret in the pod's namespace
|
|
to select from.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
required:
|
|
- key
|
|
- secret
|
|
type: object
|
|
required:
|
|
- webHookURLSecretKeySelector
|
|
type: object
|
|
smtp:
|
|
description: SMTP is handler for sending emails via this protocol.
|
|
properties:
|
|
from:
|
|
type: string
|
|
passwordSecretKeySelector:
|
|
description: SecretKeySelector selects a key of a Secret.
|
|
properties:
|
|
key:
|
|
description: The key of the secret to select from. Must
|
|
be a valid secret key.
|
|
type: string
|
|
secret:
|
|
description: The name of the secret in the pod's namespace
|
|
to select from.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
required:
|
|
- key
|
|
- secret
|
|
type: object
|
|
port:
|
|
type: integer
|
|
server:
|
|
type: string
|
|
tlsInsecureSkipVerify:
|
|
type: boolean
|
|
to:
|
|
type: string
|
|
usernameSecretKeySelector:
|
|
description: SecretKeySelector selects a key of a Secret.
|
|
properties:
|
|
key:
|
|
description: The key of the secret to select from. Must
|
|
be a valid secret key.
|
|
type: string
|
|
secret:
|
|
description: The name of the secret in the pod's namespace
|
|
to select from.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
required:
|
|
- key
|
|
- secret
|
|
type: object
|
|
required:
|
|
- from
|
|
- passwordSecretKeySelector
|
|
- port
|
|
- server
|
|
- to
|
|
- usernameSecretKeySelector
|
|
type: object
|
|
teams:
|
|
description: MicrosoftTeams is handler for Microsoft MicrosoftTeams
|
|
notification channel.
|
|
properties:
|
|
webHookURLSecretKeySelector:
|
|
description: The web hook URL to MicrosoftTeams App
|
|
properties:
|
|
key:
|
|
description: The key of the secret to select from. Must
|
|
be a valid secret key.
|
|
type: string
|
|
secret:
|
|
description: The name of the secret in the pod's namespace
|
|
to select from.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind,
|
|
uid?'
|
|
type: string
|
|
type: object
|
|
required:
|
|
- key
|
|
- secret
|
|
type: object
|
|
required:
|
|
- webHookURLSecretKeySelector
|
|
type: object
|
|
verbose:
|
|
type: boolean
|
|
required:
|
|
- level
|
|
- name
|
|
- verbose
|
|
type: object
|
|
type: array
|
|
restore:
|
|
description: 'Backup defines configuration of Jenkins backup restore
|
|
More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/'
|
|
properties:
|
|
action:
|
|
description: Action defines action which performs restore backup
|
|
in restore container sidecar
|
|
properties:
|
|
exec:
|
|
description: Exec specifies the action to take.
|
|
properties:
|
|
command:
|
|
description: Command is the command line to execute inside
|
|
the container, the working directory for the command is
|
|
root ('/') in the container's filesystem. The command
|
|
is simply exec'd, it is not run inside a shell, so traditional
|
|
shell instructions ('|', etc) won't work. To use a shell,
|
|
you need to explicitly call out to that shell. Exit
|
|
status of 0 is treated as live/healthy and non-zero
|
|
is unhealthy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
containerName:
|
|
description: ContainerName is the container name responsible for
|
|
restore backup operation
|
|
type: string
|
|
getLatestAction:
|
|
description: GetLatestAction defines action which returns the
|
|
latest backup number. If there is no backup "-1" should be returned.
|
|
properties:
|
|
exec:
|
|
description: Exec specifies the action to take.
|
|
properties:
|
|
command:
|
|
description: Command is the command line to execute inside
|
|
the container, the working directory for the command is
|
|
root ('/') in the container's filesystem. The command
|
|
is simply exec'd, it is not run inside a shell, so traditional
|
|
shell instructions ('|', etc) won't work. To use a shell,
|
|
you need to explicitly call out to that shell. Exit
|
|
status of 0 is treated as live/healthy and non-zero
|
|
is unhealthy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
recoveryOnce:
|
|
description: RecoveryOnce if want to restore specific backup set
|
|
this field and then Jenkins will be restarted and desired backup
|
|
will be restored
|
|
format: int64
|
|
type: integer
|
|
required:
|
|
- action
|
|
- containerName
|
|
type: object
|
|
roles:
|
|
description: Roles defines list of extra RBAC roles for the Jenkins
|
|
Master pod service account
|
|
items:
|
|
description: RoleRef contains information that points to the role
|
|
being used
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup is the group for the resource being referenced
|
|
type: string
|
|
kind:
|
|
description: Kind is the type of resource being referenced
|
|
type: string
|
|
name:
|
|
description: Name is the name of resource being referenced
|
|
type: string
|
|
required:
|
|
- apiGroup
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
seedJobAgentImage:
|
|
type: string
|
|
description: 'SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.9-1 will be used.'
|
|
seedJobs:
|
|
description: 'SeedJobs defines list of Jenkins Seed Job configurations
|
|
More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines'
|
|
items:
|
|
description: 'SeedJob defines configuration for seed job More info:
|
|
https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration/#configure-seed-jobs-and-pipelines.'
|
|
properties:
|
|
additionalClasspath:
|
|
description: AdditionalClasspath is setting for Job DSL API
|
|
plugin to set Additional Classpath
|
|
type: string
|
|
bitbucketPushTrigger:
|
|
description: BitbucketPushTrigger is used for Bitbucket web
|
|
hooks
|
|
type: boolean
|
|
buildPeriodically:
|
|
description: BuildPeriodically is setting for scheduled trigger
|
|
type: string
|
|
credentialID:
|
|
description: CredentialID is the Kubernetes secret name which
|
|
stores repository access credentials
|
|
type: string
|
|
credentialType:
|
|
description: JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/
|
|
credential type
|
|
type: string
|
|
description:
|
|
description: Description is the description of the seed job
|
|
type: string
|
|
failOnMissingPlugin:
|
|
description: FailOnMissingPlugin is setting for Job DSL API
|
|
plugin that fails job if required plugin is missing
|
|
type: boolean
|
|
githubPushTrigger:
|
|
description: GitHubPushTrigger is used for GitHub web hooks
|
|
type: boolean
|
|
id:
|
|
description: ID is the unique seed job name
|
|
type: string
|
|
ignoreMissingFiles:
|
|
description: IgnoreMissingFiles is setting for Job DSL API plugin
|
|
to ignore files that miss
|
|
type: boolean
|
|
pollSCM:
|
|
description: PollSCM is setting for polling changes in SCM
|
|
type: string
|
|
repositoryBranch:
|
|
description: RepositoryBranch is the repository branch where
|
|
are seed job definitions
|
|
type: string
|
|
repositoryUrl:
|
|
description: RepositoryURL is the repository access URL. Can
|
|
be SSH or HTTPS.
|
|
type: string
|
|
targets:
|
|
description: Targets is the repository path where are seed job
|
|
definitions
|
|
type: string
|
|
unstableOnDeprecation:
|
|
description: UnstableOnDeprecation is setting for Job DSL API
|
|
plugin that sets build status as unstable if build using deprecated
|
|
features
|
|
type: boolean
|
|
type: object
|
|
type: array
|
|
service:
|
|
description: 'Service is Kubernetes service of Jenkins master HTTP
|
|
pod Defaults to : port: 8080 type: ClusterIP'
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Annotations is an unstructured key value map stored
|
|
with a resource that may be set by external tools to store and
|
|
retrieve arbitrary metadata. They are not queryable and should
|
|
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Route service traffic to pods with label keys and
|
|
values matching this selector. If empty or not present, the
|
|
service is assumed to have an external process managing its
|
|
endpoints, which Kubernetes will not modify. Only applies to
|
|
types ClusterIP, NodePort, and LoadBalancer. Ignored if type
|
|
is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
|
|
type: object
|
|
loadBalancerIP:
|
|
description: 'Only applies to Service Type: LoadBalancer LoadBalancer
|
|
will get created with the IP specified in this field. This feature
|
|
depends on whether the underlying cloud-provider supports specifying
|
|
the loadBalancerIP when a load balancer is created. This field
|
|
will be ignored if the cloud-provider does not support the feature.'
|
|
type: string
|
|
loadBalancerSourceRanges:
|
|
description: 'If specified and supported by the platform, this
|
|
will restrict traffic through the cloud-provider load-balancer
|
|
will be restricted to the specified client IPs. This field will
|
|
be ignored if the cloud-provider does not support the feature."
|
|
More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access'
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodePort:
|
|
description: 'The port on each node on which this service is exposed
|
|
when type=NodePort or LoadBalancer. Usually assigned by the
|
|
system. If specified, it will be allocated to the service if
|
|
unused or else creation of the service will fail. Default is
|
|
to auto-allocate a port if the ServiceType of this Service requires
|
|
one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
|
|
format: int32
|
|
type: integer
|
|
port:
|
|
description: 'The port that are exposed by this service. More
|
|
info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
|
|
format: int32
|
|
type: integer
|
|
type:
|
|
description: 'Type determines how the Service is exposed. Defaults
|
|
to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort,
|
|
and LoadBalancer. "ExternalName" maps to the specified externalName.
|
|
"ClusterIP" allocates a cluster-internal IP address for load-balancing
|
|
to endpoints. Endpoints are determined by the selector or if
|
|
that is not specified, by manual construction of an Endpoints
|
|
object. If clusterIP is "None", no virtual IP is allocated and
|
|
the endpoints are published as a set of endpoints rather than
|
|
a stable IP. "NodePort" builds on ClusterIP and allocates a
|
|
port on every node which routes to the clusterIP. "LoadBalancer"
|
|
builds on NodePort and creates an external load-balancer (if
|
|
supported in the current cloud) which routes to the clusterIP.
|
|
More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types'
|
|
type: string
|
|
type: object
|
|
serviceAccount:
|
|
description: ServiceAccount defines Jenkins master service account
|
|
attributes
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Annotations is an unstructured key value map stored
|
|
with a resource that may be set by external tools to store and
|
|
retrieve arbitrary metadata. They are not queryable and should
|
|
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
|
|
type: object
|
|
type: object
|
|
slaveService:
|
|
description: 'Service is Kubernetes service of Jenkins slave pods
|
|
Defaults to : port: 50000 type: ClusterIP'
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Annotations is an unstructured key value map stored
|
|
with a resource that may be set by external tools to store and
|
|
retrieve arbitrary metadata. They are not queryable and should
|
|
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Route service traffic to pods with label keys and
|
|
values matching this selector. If empty or not present, the
|
|
service is assumed to have an external process managing its
|
|
endpoints, which Kubernetes will not modify. Only applies to
|
|
types ClusterIP, NodePort, and LoadBalancer. Ignored if type
|
|
is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
|
|
type: object
|
|
loadBalancerIP:
|
|
description: 'Only applies to Service Type: LoadBalancer LoadBalancer
|
|
will get created with the IP specified in this field. This feature
|
|
depends on whether the underlying cloud-provider supports specifying
|
|
the loadBalancerIP when a load balancer is created. This field
|
|
will be ignored if the cloud-provider does not support the feature.'
|
|
type: string
|
|
loadBalancerSourceRanges:
|
|
description: 'If specified and supported by the platform, this
|
|
will restrict traffic through the cloud-provider load-balancer
|
|
will be restricted to the specified client IPs. This field will
|
|
be ignored if the cloud-provider does not support the feature."
|
|
More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access'
|
|
items:
|
|
type: string
|
|
type: array
|
|
nodePort:
|
|
description: 'The port on each node on which this service is exposed
|
|
when type=NodePort or LoadBalancer. Usually assigned by the
|
|
system. If specified, it will be allocated to the service if
|
|
unused or else creation of the service will fail. Default is
|
|
to auto-allocate a port if the ServiceType of this Service requires
|
|
one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
|
|
format: int32
|
|
type: integer
|
|
port:
|
|
description: 'The port that are exposed by this service. More
|
|
info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
|
|
format: int32
|
|
type: integer
|
|
type:
|
|
description: 'Type determines how the Service is exposed. Defaults
|
|
to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort,
|
|
and LoadBalancer. "ExternalName" maps to the specified externalName.
|
|
"ClusterIP" allocates a cluster-internal IP address for load-balancing
|
|
to endpoints. Endpoints are determined by the selector or if
|
|
that is not specified, by manual construction of an Endpoints
|
|
object. If clusterIP is "None", no virtual IP is allocated and
|
|
the endpoints are published as a set of endpoints rather than
|
|
a stable IP. "NodePort" builds on ClusterIP and allocates a
|
|
port on every node which routes to the clusterIP. "LoadBalancer"
|
|
builds on NodePort and creates an external load-balancer (if
|
|
supported in the current cloud) which routes to the clusterIP.
|
|
More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types'
|
|
type: string
|
|
type: object
|
|
validateSecurityWarnings:
|
|
description: ValidateSecurityWarnings enables or disables validating
|
|
potential security warnings in Jenkins plugins via admission webhooks.
|
|
type: boolean
|
|
required:
|
|
- jenkinsAPISettings
|
|
- master
|
|
type: object
|
|
status:
|
|
description: Status defines the observed state of Jenkins
|
|
properties:
|
|
appliedGroovyScripts:
|
|
description: AppliedGroovyScripts is a list with all applied groovy
|
|
scripts in Jenkins by the operator
|
|
items:
|
|
description: AppliedGroovyScript is the applied groovy script in
|
|
Jenkins by the operator.
|
|
properties:
|
|
configurationType:
|
|
description: ConfigurationType is the name of the configuration
|
|
type(base-groovy, user-groovy, user-casc)
|
|
type: string
|
|
hash:
|
|
description: Hash is the hash of the groovy script and secrets
|
|
which it uses
|
|
type: string
|
|
name:
|
|
description: Name is the name of the groovy script
|
|
type: string
|
|
source:
|
|
description: Source is the name of source where is located groovy
|
|
script
|
|
type: string
|
|
required:
|
|
- configurationType
|
|
- hash
|
|
- name
|
|
- source
|
|
type: object
|
|
type: array
|
|
backupDoneBeforePodDeletion:
|
|
description: BackupDoneBeforePodDeletion tells if backup before pod
|
|
deletion has been made
|
|
type: boolean
|
|
baseConfigurationCompletedTime:
|
|
description: BaseConfigurationCompletedTime is a time when Jenkins
|
|
base configuration phase has been completed
|
|
format: date-time
|
|
type: string
|
|
createdSeedJobs:
|
|
description: CreatedSeedJobs contains list of seed job id already
|
|
created in Jenkins
|
|
items:
|
|
type: string
|
|
type: array
|
|
lastBackup:
|
|
description: LastBackup is the latest backup number
|
|
format: int64
|
|
type: integer
|
|
operatorVersion:
|
|
description: OperatorVersion is the operator version which manages
|
|
this CR
|
|
type: string
|
|
pendingBackup:
|
|
description: PendingBackup is the pending backup number
|
|
format: int64
|
|
type: integer
|
|
provisionStartTime:
|
|
description: ProvisionStartTime is a time when Jenkins master pod
|
|
has been created
|
|
format: date-time
|
|
type: string
|
|
restoredBackup:
|
|
description: RestoredBackup is the restored backup number after Jenkins
|
|
master pod restart
|
|
format: int64
|
|
type: integer
|
|
userAndPasswordHash:
|
|
description: UserAndPasswordHash is a SHA256 hash made from user and
|
|
password
|
|
type: string
|
|
userConfigurationCompletedTime:
|
|
description: UserConfigurationCompletedTime is a time when Jenkins
|
|
user configuration phase has been completed
|
|
format: date-time
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|