authorValentin Rothberg <rothberg@redhat.com>2019-06-24 21:29:31 +0200
committerValentin Rothberg <rothberg@redhat.com>2019-06-24 21:29:31 +0200
commit2388222e98462fdbbe44f3e091b2b79d80956a9a (patch)
tree17078d861c20a3e48b19c750c6864c5f59248386 /vendor/k8s.io/api/core/v1/types.go
parenta1a4a75abee2c381483a218e1660621ee416ef7c (diff)
update dependencies
Ran a `go get -u` and bumped K8s deps to 1.15.0. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/k8s.io/api/core/v1/types.go')
-rw-r--r--vendor/k8s.io/api/core/v1/types.go892
1 files changed, 534 insertions, 358 deletions
diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go
index 36f456702..2279a4b7a 100644
--- a/vendor/k8s.io/api/core/v1/types.go
+++ b/vendor/k8s.io/api/core/v1/types.go
@@ -23,214 +23,13 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)
-// The comments for the structs and fields can be used from go-restful to
-// generate Swagger API documentation for its models. Please read this PR for more
-// information on the implementation: https://github.com/emicklei/go-restful/pull/215
-//
-// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if
-// they are on one line! For multiple line or blocks that you want to ignore use ---.
-// Any context after a --- is ignored and not exported to the SwaggerAPI.
-//
-// The aforementioned methods can be generated by hack/update-generated-swagger-docs.sh
-
-// Common string formats
-// ---------------------
-// Many fields in this API have formatting requirements. The commonly used
-// formats are defined here.
-//
-// C_IDENTIFIER: This is a string that conforms to the definition of an "identifier"
-// in the C language. This is captured by the following regex:
-// [A-Za-z_][A-Za-z0-9_]*
-// This defines the format, but not the length restriction, which should be
-// specified at the definition of any field of this type.
-//
-// DNS_LABEL: This is a string, no more than 63 characters long, that conforms
-// to the definition of a "label" in RFCs 1035 and 1123. This is captured
-// by the following regex:
-// [a-z0-9]([-a-z0-9]*[a-z0-9])?
-//
-// DNS_SUBDOMAIN: This is a string, no more than 253 characters long, that conforms
-// to the definition of a "subdomain" in RFCs 1035 and 1123. This is captured
-// by the following regex:
-// [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
-// or more simply:
-// DNS_LABEL(\.DNS_LABEL)*
-//
-// IANA_SVC_NAME: This is a string, no more than 15 characters long, that
-// conforms to the definition of IANA service name in RFC 6335.
-// It must contains at least one letter [a-z] and it must contains only [a-z0-9-].
-// Hypens ('-') cannot be leading or trailing character of the string
-// and cannot be adjacent to other hyphens.
-
-// ObjectMeta is metadata that all persisted resources must have, which includes all objects
-// users must create.
-// DEPRECATED: Use k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta instead - this type will be removed soon.
-// +k8s:openapi-gen=false
-type ObjectMeta struct {
- // Name must be unique within a namespace. Is required when creating resources, although
- // some resources may allow a client to request the generation of an appropriate name
- // automatically. Name is primarily intended for creation idempotence and configuration
- // definition.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- // +optional
- Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
-
- // GenerateName is an optional prefix, used by the server, to generate a unique
- // name ONLY IF the Name field has not been provided.
- // If this field is used, the name returned to the client will be different
- // than the name passed. This value will also be combined with a unique suffix.
- // The provided value has the same validation rules as the Name field,
- // and may be truncated by the length of the suffix required to make the value
- // unique on the server.
- //
- // If this field is specified and the generated name exists, the server will
- // NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
- // ServerTimeout indicating a unique name could not be found in the time allotted, and the client
- // should retry (optionally after the time indicated in the Retry-After header).
- //
- // Applied only if Name is not specified.
- // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency
- // +optional
- GenerateName string `json:"generateName,omitempty" protobuf:"bytes,2,opt,name=generateName"`
-
- // Namespace defines the space within each name must be unique. An empty namespace is
- // equivalent to the "default" namespace, but "default" is the canonical representation.
- // Not all objects are required to be scoped to a namespace - the value of this field for
- // those objects will be empty.
- //
- // Must be a DNS_LABEL.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- // +optional
- Namespace string `json:"namespace,omitempty" protobuf:"bytes,3,opt,name=namespace"`
-
- // SelfLink is a URL representing this object.
- // Populated by the system.
- // Read-only.
- // +optional
- SelfLink string `json:"selfLink,omitempty" protobuf:"bytes,4,opt,name=selfLink"`
-
- // UID is the unique in time and space value for this object. It is typically generated by
- // the server on successful creation of a resource and is not allowed to change on PUT
- // operations.
- //
- // Populated by the system.
- // Read-only.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- // +optional
- UID types.UID `json:"uid,omitempty" protobuf:"bytes,5,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
-
- // An opaque value that represents the internal version of this object that can
- // be used by clients to determine when objects have changed. May be used for optimistic
- // concurrency, change detection, and the watch operation on a resource or set of resources.
- // Clients must treat these values as opaque and passed unmodified back to the server.
- // They may only be valid for a particular resource or set of resources.
- //
- // Populated by the system.
- // Read-only.
- // Value must be treated as opaque by clients and .
- // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency
- // +optional
- ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,6,opt,name=resourceVersion"`
-
- // A sequence number representing a specific generation of the desired state.
- // Populated by the system. Read-only.
- // +optional
- Generation int64 `json:"generation,omitempty" protobuf:"varint,7,opt,name=generation"`
-
- // CreationTimestamp is a timestamp representing the server time when this object was
- // created. It is not guaranteed to be set in happens-before order across separate operations.
- // Clients may not set this value. It is represented in RFC3339 form and is in UTC.
- //
- // Populated by the system.
- // Read-only.
- // Null for lists.
- // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- // +optional
- CreationTimestamp metav1.Time `json:"creationTimestamp,omitempty" protobuf:"bytes,8,opt,name=creationTimestamp"`
-
- // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This
- // field is set by the server when a graceful deletion is requested by the user, and is not
- // directly settable by a client. The resource is expected to be deleted (no longer visible
- // from resource lists, and not reachable by name) after the time in this field. Once set,
- // this value may not be unset or be set further into the future, although it may be shortened
- // or the resource may be deleted prior to this time. For example, a user may request that
- // a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination
- // signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard
- // termination signal (SIGKILL) to the container and after cleanup, remove the pod from the
- // API. In the presence of network partitions, this object may still exist after this
- // timestamp, until an administrator or automated process can determine the resource is
- // fully terminated.
- // If not set, graceful deletion of the object has not been requested.
- //
- // Populated by the system when a graceful deletion is requested.
- // Read-only.
- // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
- // +optional
- DeletionTimestamp *metav1.Time `json:"deletionTimestamp,omitempty" protobuf:"bytes,9,opt,name=deletionTimestamp"`
-
- // Number of seconds allowed for this object to gracefully terminate before
- // it will be removed from the system. Only set when deletionTimestamp is also set.
- // May only be shortened.
- // Read-only.
- // +optional
- DeletionGracePeriodSeconds *int64 `json:"deletionGracePeriodSeconds,omitempty" protobuf:"varint,10,opt,name=deletionGracePeriodSeconds"`
-
- // Map of string keys and values that can be used to organize and categorize
- // (scope and select) objects. May match selectors of replication controllers
- // and services.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
- // +optional
- Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,11,rep,name=labels"`
-
- // Annotations is an unstructured key value map stored with a resource that may be
- // set by external tools to store and retrieve arbitrary metadata. They are not
- // queryable and should be preserved when modifying objects.
- // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
- // +optional
- Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"`
-
- // List of objects depended by this object. If ALL objects in the list have
- // been deleted, this object will be garbage collected. If this object is managed by a controller,
- // then an entry in this list will point to this controller, with the controller field set to true.
- // There cannot be more than one managing controller.
- // +optional
- // +patchMergeKey=uid
- // +patchStrategy=merge
- OwnerReferences []metav1.OwnerReference `json:"ownerReferences,omitempty" patchStrategy:"merge" patchMergeKey:"uid" protobuf:"bytes,13,rep,name=ownerReferences"`
-
- // An initializer is a controller which enforces some system invariant at object creation time.
- // This field is a list of initializers that have not yet acted on this object. If nil or empty,
- // this object has been completely initialized. Otherwise, the object is considered uninitialized
- // and is hidden (in list/watch and get calls) from clients that haven't explicitly asked to
- // observe uninitialized objects.
- //
- // When an object is created, the system will populate this list with the current set of initializers.
- // Only privileged users may set or modify this list. Once it is empty, it may not be modified further
- // by any user.
- Initializers *metav1.Initializers `json:"initializers,omitempty" patchStrategy:"merge" protobuf:"bytes,16,rep,name=initializers"`
-
- // Must be empty before the object is deleted from the registry. Each entry
- // is an identifier for the responsible component that will remove the entry
- // from the list. If the deletionTimestamp of the object is non-nil, entries
- // in this list can only be removed.
- // +optional
- // +patchStrategy=merge
- Finalizers []string `json:"finalizers,omitempty" patchStrategy:"merge" protobuf:"bytes,14,rep,name=finalizers"`
-
- // The name of the cluster which the object belongs to.
- // This is used to distinguish resources with same name and namespace in different clusters.
- // This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
- // +optional
- ClusterName string `json:"clusterName,omitempty" protobuf:"bytes,15,opt,name=clusterName"`
-}
-
const (
// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
NamespaceDefault string = "default"
// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
NamespaceAll string = ""
+ // NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats)
+ NamespaceNodeLease string = "kube-node-lease"
)
// Volume represents a named volume in a pod that may be accessed by any container in the pod.
@@ -273,6 +72,9 @@ type VolumeSource struct {
// +optional
AWSElasticBlockStore *AWSElasticBlockStoreVolumeSource `json:"awsElasticBlockStore,omitempty" protobuf:"bytes,4,opt,name=awsElasticBlockStore"`
// GitRepo represents a git repository at a particular revision.
+ // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ // into the Pod's container.
// +optional
GitRepo *GitRepoVolumeSource `json:"gitRepo,omitempty" protobuf:"bytes,5,opt,name=gitRepo"`
// Secret represents a secret that should populate this volume.
@@ -349,6 +151,9 @@ type VolumeSource struct {
// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
// +optional
StorageOS *StorageOSVolumeSource `json:"storageos,omitempty" protobuf:"bytes,27,opt,name=storageos"`
+ // CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).
+ // +optional
+ CSI *CSIVolumeSource `json:"csi,omitempty" protobuf:"bytes,28,opt,name=csi"`
}
// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace.
@@ -389,7 +194,7 @@ type PersistentVolumeSource struct {
// exposed to the pod. Provisioned by an admin.
// More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md
// +optional
- Glusterfs *GlusterfsVolumeSource `json:"glusterfs,omitempty" protobuf:"bytes,4,opt,name=glusterfs"`
+ Glusterfs *GlusterfsPersistentVolumeSource `json:"glusterfs,omitempty" protobuf:"bytes,4,opt,name=glusterfs"`
// NFS represents an NFS mount on the host. Provisioned by an admin.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
// +optional
@@ -405,7 +210,7 @@ type PersistentVolumeSource struct {
// Cinder represents a cinder volume attached and mounted on kubelets host machine
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
- Cinder *CinderVolumeSource `json:"cinder,omitempty" protobuf:"bytes,8,opt,name=cinder"`
+ Cinder *CinderPersistentVolumeSource `json:"cinder,omitempty" protobuf:"bytes,8,opt,name=cinder"`
// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
// +optional
CephFS *CephFSPersistentVolumeSource `json:"cephfs,omitempty" protobuf:"bytes,9,opt,name=cephfs"`
@@ -446,7 +251,7 @@ type PersistentVolumeSource struct {
// More info: https://releases.k8s.io/HEAD/examples/volumes/storageos/README.md
// +optional
StorageOS *StorageOSPersistentVolumeSource `json:"storageos,omitempty" protobuf:"bytes,21,opt,name=storageos"`
- // CSI represents storage that handled by an external CSI driver (Beta feature).
+ // CSI represents storage that is handled by an external CSI driver (Beta feature).
// +optional
CSI *CSIPersistentVolumeSource `json:"csi,omitempty" protobuf:"bytes,22,opt,name=csi"`
}
@@ -458,10 +263,6 @@ const (
// MountOptionAnnotation defines mount option annotation used in PVs
MountOptionAnnotation = "volume.beta.kubernetes.io/mount-options"
-
- // AlphaStorageNodeAffinityAnnotation defines node affinity policies for a PersistentVolume.
- // Value is a string of the json representation of type NodeAffinity
- AlphaStorageNodeAffinityAnnotation = "volume.alpha.kubernetes.io/node-affinity"
)
// +genclient
@@ -528,7 +329,7 @@ type PersistentVolumeSpec struct {
MountOptions []string `json:"mountOptions,omitempty" protobuf:"bytes,7,opt,name=mountOptions"`
// volumeMode defines if a volume is intended to be used with a formatted filesystem
// or to remain in raw block state. Value of Filesystem is implied when not included in spec.
- // This is an alpha feature and may change in the future.
+ // This is a beta feature.
// +optional
VolumeMode *PersistentVolumeMode `json:"volumeMode,omitempty" protobuf:"bytes,8,opt,name=volumeMode,casttype=PersistentVolumeMode"`
// NodeAffinity defines constraints that limit what nodes this volume can be accessed from.
@@ -657,9 +458,19 @@ type PersistentVolumeClaimSpec struct {
StorageClassName *string `json:"storageClassName,omitempty" protobuf:"bytes,5,opt,name=storageClassName"`
// volumeMode defines what type of volume is required by the claim.
// Value of Filesystem is implied when not included in claim spec.
- // This is an alpha feature and may change in the future.
+ // This is a beta feature.
// +optional
VolumeMode *PersistentVolumeMode `json:"volumeMode,omitempty" protobuf:"bytes,6,opt,name=volumeMode,casttype=PersistentVolumeMode"`
+ // This field requires the VolumeSnapshotDataSource alpha feature gate to be
+ // enabled and currently VolumeSnapshot is the only supported data source.
+ // If the provisioner can support VolumeSnapshot data source, it will create
+ // a new volume and data will be restored to the volume at the same time.
+ // If the provisioner does not support VolumeSnapshot data source, volume will
+ // not be created and the failure will be reported as an event.
+ // In the future, we plan to support more data source types and the behavior
+ // of the provisioner may change.
+ // +optional
+ DataSource *TypedLocalObjectReference `json:"dataSource,omitempty" protobuf:"bytes,7,opt,name=dataSource"`
}
// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
@@ -715,7 +526,7 @@ type PersistentVolumeClaimStatus struct {
type PersistentVolumeAccessMode string
const (
- // can be mounted read/write mode to exactly 1 host
+ // can be mounted in read/write mode to exactly 1 host
ReadWriteOnce PersistentVolumeAccessMode = "ReadWriteOnce"
// can be mounted in read-only mode to many hosts
ReadOnlyMany PersistentVolumeAccessMode = "ReadOnlyMany"
@@ -828,6 +639,30 @@ type GlusterfsVolumeSource struct {
ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,3,opt,name=readOnly"`
}
+// Represents a Glusterfs mount that lasts the lifetime of a pod.
+// Glusterfs volumes do not support ownership management or SELinux relabeling.
+type GlusterfsPersistentVolumeSource struct {
+ // EndpointsName is the endpoint name that details Glusterfs topology.
+ // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod
+ EndpointsName string `json:"endpoints" protobuf:"bytes,1,opt,name=endpoints"`
+
+ // Path is the Glusterfs volume path.
+ // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod
+ Path string `json:"path" protobuf:"bytes,2,opt,name=path"`
+
+ // ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ // Defaults to false.
+ // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod
+ // +optional
+ ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,3,opt,name=readOnly"`
+
+ // EndpointsNamespace is the namespace that contains Glusterfs endpoint.
+ // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC.
+ // More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod
+ // +optional
+ EndpointsNamespace *string `json:"endpointsNamespace,omitempty" protobuf:"bytes,4,opt,name=endpointsNamespace"`
+}
+
// Represents a Rados Block Device mount that lasts the lifetime of a pod.
// RBD volumes support ownership management and SELinux relabeling.
type RBDVolumeSource struct {
@@ -935,6 +770,35 @@ type CinderVolumeSource struct {
// More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
// +optional
ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,3,opt,name=readOnly"`
+ // Optional: points to a secret object containing parameters used to connect
+ // to OpenStack.
+ // +optional
+ SecretRef *LocalObjectReference `json:"secretRef,omitempty" protobuf:"bytes,4,opt,name=secretRef"`
+}
+
+// Represents a cinder volume resource in Openstack.
+// A Cinder volume must exist before mounting to a container.
+// The volume must also be in the same region as the kubelet.
+// Cinder volumes support ownership management and SELinux relabeling.
+type CinderPersistentVolumeSource struct {
+ // volume id used to identify the volume in cinder
+ // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
+ VolumeID string `json:"volumeID" protobuf:"bytes,1,opt,name=volumeID"`
+ // Filesystem type to mount.
+ // Must be a filesystem type supported by the host operating system.
+ // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
+ // +optional
+ FSType string `json:"fsType,omitempty" protobuf:"bytes,2,opt,name=fsType"`
+ // Optional: Defaults to false (read/write). ReadOnly here will force
+ // the ReadOnly setting in VolumeMounts.
+ // More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
+ // +optional
+ ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,3,opt,name=readOnly"`
+ // Optional: points to a secret object containing parameters used to connect
+ // to OpenStack.
+ // +optional
+ SecretRef *SecretReference `json:"secretRef,omitempty" protobuf:"bytes,4,opt,name=secretRef"`
}
// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
@@ -1034,6 +898,8 @@ const (
ProtocolTCP Protocol = "TCP"
// ProtocolUDP is the UDP protocol.
ProtocolUDP Protocol = "UDP"
+ // ProtocolSCTP is the SCTP protocol.
+ ProtocolSCTP Protocol = "SCTP"
)
// Represents a Persistent Disk resource in Google Compute Engine.
@@ -1092,6 +958,11 @@ type QuobyteVolumeSource struct {
// Default is no group
// +optional
Group string `json:"group,omitempty" protobuf:"bytes,5,opt,name=group"`
+
+ // Tenant owning the given Quobyte volume in the Backend
+ // Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ // +optional
+ Tenant string `json:"tenant,omitempty" protobuf:"bytes,6,opt,name=tenant"`
}
// FlexPersistentVolumeSource represents a generic persistent volume resource that is
@@ -1179,6 +1050,10 @@ type AWSElasticBlockStoreVolumeSource struct {
// Represents a volume that is populated with the contents of a git repository.
// Git repo volumes do not support ownership management.
// Git repo volumes support SELinux relabeling.
+//
+// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+// into the Pod's container.
type GitRepoVolumeSource struct {
// Repository URL
Repository string `json:"repository" protobuf:"bytes,1,opt,name=repository"`
@@ -1219,7 +1094,7 @@ type SecretVolumeSource struct {
// mode, like fsGroup, and the result can be other mode bits set.
// +optional
DefaultMode *int32 `json:"defaultMode,omitempty" protobuf:"bytes,3,opt,name=defaultMode"`
- // Specify whether the Secret or it's keys must be defined
+ // Specify whether the Secret or its keys must be defined
// +optional
Optional *bool `json:"optional,omitempty" protobuf:"varint,4,opt,name=optional"`
}
@@ -1510,6 +1385,7 @@ type ScaleIOVolumeSource struct {
// +optional
StoragePool string `json:"storagePool,omitempty" protobuf:"bytes,6,opt,name=storagePool"`
// Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ // Default is ThinProvisioned.
// +optional
StorageMode string `json:"storageMode,omitempty" protobuf:"bytes,7,opt,name=storageMode"`
// The name of a volume already created in the ScaleIO system
@@ -1517,7 +1393,8 @@ type ScaleIOVolumeSource struct {
VolumeName string `json:"volumeName,omitempty" protobuf:"bytes,8,opt,name=volumeName"`
// Filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ // Ex. "ext4", "xfs", "ntfs".
+ // Default is "xfs".
// +optional
FSType string `json:"fsType,omitempty" protobuf:"bytes,9,opt,name=fsType"`
// Defaults to false (read/write). ReadOnly here will force
@@ -1545,6 +1422,7 @@ type ScaleIOPersistentVolumeSource struct {
// +optional
StoragePool string `json:"storagePool,omitempty" protobuf:"bytes,6,opt,name=storagePool"`
// Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ // Default is ThinProvisioned.
// +optional
StorageMode string `json:"storageMode,omitempty" protobuf:"bytes,7,opt,name=storageMode"`
// The name of a volume already created in the ScaleIO system
@@ -1552,7 +1430,8 @@ type ScaleIOPersistentVolumeSource struct {
VolumeName string `json:"volumeName,omitempty" protobuf:"bytes,8,opt,name=volumeName"`
// Filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
- // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ // Ex. "ext4", "xfs", "ntfs".
+ // Default is "xfs"
// +optional
FSType string `json:"fsType,omitempty" protobuf:"bytes,9,opt,name=fsType"`
// Defaults to false (read/write). ReadOnly here will force
@@ -1641,7 +1520,7 @@ type ConfigMapVolumeSource struct {
// mode, like fsGroup, and the result can be other mode bits set.
// +optional
DefaultMode *int32 `json:"defaultMode,omitempty" protobuf:"varint,3,opt,name=defaultMode"`
- // Specify whether the ConfigMap or it's keys must be defined
+ // Specify whether the ConfigMap or its keys must be defined
// +optional
Optional *bool `json:"optional,omitempty" protobuf:"varint,4,opt,name=optional"`
}
@@ -1668,11 +1547,35 @@ type ConfigMapProjection struct {
// relative and may not contain the '..' path or start with '..'.
// +optional
Items []KeyToPath `json:"items,omitempty" protobuf:"bytes,2,rep,name=items"`
- // Specify whether the ConfigMap or it's keys must be defined
+ // Specify whether the ConfigMap or its keys must be defined
// +optional
Optional *bool `json:"optional,omitempty" protobuf:"varint,4,opt,name=optional"`
}
+// ServiceAccountTokenProjection represents a projected service account token
+// volume. This projection can be used to insert a service account token into
+// the pods runtime filesystem for use against APIs (Kubernetes API Server or
+// otherwise).
+type ServiceAccountTokenProjection struct {
+ // Audience is the intended audience of the token. A recipient of a token
+ // must identify itself with an identifier specified in the audience of the
+ // token, and otherwise should reject the token. The audience defaults to the
+ // identifier of the apiserver.
+ //+optional
+ Audience string `json:"audience,omitempty" protobuf:"bytes,1,rep,name=audience"`
+ // ExpirationSeconds is the requested duration of validity of the service
+ // account token. As the token approaches expiration, the kubelet volume
+ // plugin will proactively rotate the service account token. The kubelet will
+ // start trying to rotate the token if the token is older than 80 percent of
+ // its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ // and must be at least 10 minutes.
+ //+optional
+ ExpirationSeconds *int64 `json:"expirationSeconds,omitempty" protobuf:"varint,2,opt,name=expirationSeconds"`
+ // Path is the path relative to the mount point of the file to project the
+ // token into.
+ Path string `json:"path" protobuf:"bytes,3,opt,name=path"`
+}
+
// Represents a projected volume source
type ProjectedVolumeSource struct {
// list of volume projections
@@ -1691,11 +1594,17 @@ type VolumeProjection struct {
// all types below are the supported types for projection into the same volume
// information about the secret data to project
+ // +optional
Secret *SecretProjection `json:"secret,omitempty" protobuf:"bytes,1,opt,name=secret"`
// information about the downwardAPI data to project
+ // +optional
DownwardAPI *DownwardAPIProjection `json:"downwardAPI,omitempty" protobuf:"bytes,2,opt,name=downwardAPI"`
// information about the configMap data to project
+ // +optional
ConfigMap *ConfigMapProjection `json:"configMap,omitempty" protobuf:"bytes,3,opt,name=configMap"`
+ // information about the serviceAccountToken data to project
+ // +optional
+ ServiceAccountToken *ServiceAccountTokenProjection `json:"serviceAccountToken,omitempty" protobuf:"bytes,4,opt,name=serviceAccountToken"`
}
const (
@@ -1720,12 +1629,18 @@ type KeyToPath struct {
Mode *int32 `json:"mode,omitempty" protobuf:"varint,3,opt,name=mode"`
}
-// Local represents directly-attached storage with node affinity
+// Local represents directly-attached storage with node affinity (Beta feature)
type LocalVolumeSource struct {
- // The full path to the volume on the node
- // For alpha, this path must be a directory
- // Once block as a source is supported, then this path can point to a block device
+ // The full path to the volume on the node.
+ // It can be either a directory or block device (disk, partition, ...).
Path string `json:"path" protobuf:"bytes,1,opt,name=path"`
+
+ // Filesystem type to mount.
+ // It applies only when the Path is a block device.
+ // Must be a filesystem type supported by the host operating system.
+ // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a fileystem if unspecified.
+ // +optional
+ FSType *string `json:"fsType,omitempty" protobuf:"bytes,2,opt,name=fsType"`
}
// Represents storage that is managed by an external CSI volume driver (Beta feature)
@@ -1757,7 +1672,7 @@ type CSIPersistentVolumeSource struct {
// ControllerPublishSecretRef is a reference to the secret object containing
// sensitive information to pass to the CSI driver to complete the CSI
// ControllerPublishVolume and ControllerUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
+ // This field is optional, and may be empty if no secret is required. If the
// secret object contains more than one secret, all secrets are passed.
// +optional
ControllerPublishSecretRef *SecretReference `json:"controllerPublishSecretRef,omitempty" protobuf:"bytes,6,opt,name=controllerPublishSecretRef"`
@@ -1765,7 +1680,7 @@ type CSIPersistentVolumeSource struct {
// NodeStageSecretRef is a reference to the secret object containing sensitive
// information to pass to the CSI driver to complete the CSI NodeStageVolume
// and NodeStageVolume and NodeUnstageVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
+ // This field is optional, and may be empty if no secret is required. If the
// secret object contains more than one secret, all secrets are passed.
// +optional
NodeStageSecretRef *SecretReference `json:"nodeStageSecretRef,omitempty" protobuf:"bytes,7,opt,name=nodeStageSecretRef"`
@@ -1773,10 +1688,50 @@ type CSIPersistentVolumeSource struct {
// NodePublishSecretRef is a reference to the secret object containing
// sensitive information to pass to the CSI driver to complete the CSI
// NodePublishVolume and NodeUnpublishVolume calls.
- // This field is optional, and may be empty if no secret is required. If the
+ // This field is optional, and may be empty if no secret is required. If the
// secret object contains more than one secret, all secrets are passed.
// +optional
NodePublishSecretRef *SecretReference `json:"nodePublishSecretRef,omitempty" protobuf:"bytes,8,opt,name=nodePublishSecretRef"`
+
+ // ControllerExpandSecretRef is a reference to the secret object containing
+ // sensitive information to pass to the CSI driver to complete the CSI
+ // ControllerExpandVolume call.
+ // This is an alpha field and requires enabling ExpandCSIVolumes feature gate.
+ // This field is optional, and may be empty if no secret is required. If the
+ // secret object contains more than one secret, all secrets are passed.
+ // +optional
+ ControllerExpandSecretRef *SecretReference `json:"controllerExpandSecretRef,omitempty" protobuf:"bytes,9,opt,name=controllerExpandSecretRef"`
+}
+
+// Represents a source location of a volume to mount, managed by an external CSI driver
+type CSIVolumeSource struct {
+ // Driver is the name of the CSI driver that handles this volume.
+ // Consult with your admin for the correct name as registered in the cluster.
+ Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
+
+ // Specifies a read-only configuration for the volume.
+ // Defaults to false (read/write).
+ // +optional
+ ReadOnly *bool `json:"readOnly,omitempty" protobuf:"varint,2,opt,name=readOnly"`
+
+ // Filesystem type to mount. Ex. "ext4", "xfs", "ntfs".
+ // If not provided, the empty value is passed to the associated CSI driver
+ // which will determine the default filesystem to apply.
+ // +optional
+ FSType *string `json:"fsType,omitempty" protobuf:"bytes,3,opt,name=fsType"`
+
+ // VolumeAttributes stores driver-specific properties that are passed to the CSI
+ // driver. Consult your driver's documentation for supported values.
+ // +optional
+ VolumeAttributes map[string]string `json:"volumeAttributes,omitempty" protobuf:"bytes,4,rep,name=volumeAttributes"`
+
+ // NodePublishSecretRef is a reference to the secret object containing
+ // sensitive information to pass to the CSI driver to complete the CSI
+ // NodePublishVolume and NodeUnpublishVolume calls.
+ // This field is optional, and may be empty if no secret is required. If the
+ // secret object contains more than one secret, all secret references are passed.
+ // +optional
+ NodePublishSecretRef *LocalObjectReference `json:"nodePublishSecretRef,omitempty" protobuf:"bytes,5,opt,name=nodePublishSecretRef"`
}
// ContainerPort represents a network port in a single container.
@@ -1795,7 +1750,7 @@ type ContainerPort struct {
// Number of port to expose on the pod's IP address.
// This must be a valid port number, 0 < x < 65536.
ContainerPort int32 `json:"containerPort" protobuf:"varint,3,opt,name=containerPort"`
- // Protocol for port. Must be UDP or TCP.
+ // Protocol for port. Must be UDP, TCP, or SCTP.
// Defaults to "TCP".
// +optional
Protocol Protocol `json:"protocol,omitempty" protobuf:"bytes,4,opt,name=protocol,casttype=Protocol"`
@@ -1825,6 +1780,13 @@ type VolumeMount struct {
// This field is beta in 1.10.
// +optional
MountPropagation *MountPropagationMode `json:"mountPropagation,omitempty" protobuf:"bytes,5,opt,name=mountPropagation,casttype=MountPropagationMode"`
+ // Expanded path within the volume from which the container's volume should be mounted.
+ // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ // Defaults to "" (volume's root).
+ // SubPathExpr and SubPath are mutually exclusive.
+ // This field is beta in 1.15.
+ // +optional
+ SubPathExpr string `json:"subPathExpr,omitempty" protobuf:"bytes,6,opt,name=subPathExpr"`
}
// MountPropagationMode describes mount propagation.
@@ -1927,7 +1889,7 @@ type ConfigMapKeySelector struct {
LocalObjectReference `json:",inline" protobuf:"bytes,1,opt,name=localObjectReference"`
// The key to select.
Key string `json:"key" protobuf:"bytes,2,opt,name=key"`
- // Specify whether the ConfigMap or it's key must be defined
+ // Specify whether the ConfigMap or its key must be defined
// +optional
Optional *bool `json:"optional,omitempty" protobuf:"varint,3,opt,name=optional"`
}
@@ -1938,7 +1900,7 @@ type SecretKeySelector struct {
LocalObjectReference `json:",inline" protobuf:"bytes,1,opt,name=localObjectReference"`
// The key of the secret to select from. Must be a valid secret key.
Key string `json:"key" protobuf:"bytes,2,opt,name=key"`
- // Specify whether the Secret or it's key must be defined
+ // Specify whether the Secret or its key must be defined
// +optional
Optional *bool `json:"optional,omitempty" protobuf:"varint,3,opt,name=optional"`
}
@@ -2084,6 +2046,16 @@ const (
PullIfNotPresent PullPolicy = "IfNotPresent"
)
+// PreemptionPolicy describes a policy for if/when to preempt a pod.
+type PreemptionPolicy string
+
+const (
+ // PreemptLowerPriority means that pod can preempt other pods with lower priority.
+ PreemptLowerPriority PreemptionPolicy = "PreemptLowerPriority"
+ // PreemptNever means that pod never preempts other pods with lower priority.
+ PreemptNever PreemptionPolicy = "Never"
+)
+
// TerminationMessagePolicy describes how termination messages are retrieved from a container.
type TerminationMessagePolicy string
@@ -2177,6 +2149,9 @@ type Container struct {
// +optional
// +patchMergeKey=containerPort
// +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=containerPort
+ // +listMapKey=protocol
Ports []ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
// List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. All invalid keys
@@ -2194,7 +2169,7 @@ type Container struct {
Env []EnvVar `json:"env,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=env"`
// Compute Resources required by this container.
// Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
// +optional
Resources ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,8,opt,name=resources"`
// Pod volumes to mount into the container's filesystem.
@@ -2204,7 +2179,7 @@ type Container struct {
// +patchStrategy=merge
VolumeMounts []VolumeMount `json:"volumeMounts,omitempty" patchStrategy:"merge" patchMergeKey:"mountPath" protobuf:"bytes,9,rep,name=volumeMounts"`
// volumeDevices is the list of block devices to be used by the container.
- // This is an alpha feature and may change in the future.
+ // This is a beta feature.
// +patchMergeKey=devicePath
// +patchStrategy=merge
// +optional
@@ -2306,11 +2281,15 @@ type Lifecycle struct {
// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
// +optional
PostStart *Handler `json:"postStart,omitempty" protobuf:"bytes,1,opt,name=postStart"`
- // PreStop is called immediately before a container is terminated.
- // The container is terminated after the handler completes.
- // The reason for termination is passed to the handler.
- // Regardless of the outcome of the handler, the container is eventually terminated.
- // Other management of the container blocks until the hook completes.
+ // PreStop is called immediately before a container is terminated due to an
+ // API request or management event such as liveness probe failure,
+ // preemption, resource contention, etc. The handler is not called if the
+ // container crashes or exits. The reason for termination is passed to the
+ // handler. The Pod's termination grace period countdown begins before the
+ // PreStop hooked is executed. Regardless of the outcome of the handler, the
+ // container will eventually terminate within the Pod's termination grace
+ // period. Other management of the container blocks until the hook completes
+ // or until the termination grace period is reached.
// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
// +optional
PreStop *Handler `json:"preStop,omitempty" protobuf:"bytes,2,opt,name=preStop"`
@@ -2441,13 +2420,19 @@ type PodConditionType string
// These are valid conditions of pod.
const (
- // PodScheduled represents status of the scheduling process for this pod.
- PodScheduled PodConditionType = "PodScheduled"
+ // ContainersReady indicates whether all containers in the pod are ready.
+ ContainersReady PodConditionType = "ContainersReady"
+ // PodInitialized means that all init containers in the pod have started successfully.
+ PodInitialized PodConditionType = "Initialized"
// PodReady means the pod is able to service requests and should be added to the
// load balancing pools of all matching services.
PodReady PodConditionType = "Ready"
- // PodInitialized means that all init containers in the pod have started successfully.
- PodInitialized PodConditionType = "Initialized"
+ // PodScheduled represents status of the scheduling process for this pod.
+ PodScheduled PodConditionType = "PodScheduled"
+)
+
+// These are reasons for a pod's transition to a condition.
+const (
// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler
// can't schedule the pod right now, for example due to insufficient resources in the cluster.
PodReasonUnschedulable = "Unschedulable"
@@ -2456,7 +2441,6 @@ const (
// PodCondition contains details for the current condition of this pod.
type PodCondition struct {
// Type is the type of the condition.
- // Currently only Ready.
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
Type PodConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=PodConditionType"`
// Status is the status of the condition.
@@ -2527,10 +2511,16 @@ type NodeSelector struct {
NodeSelectorTerms []NodeSelectorTerm `json:"nodeSelectorTerms" protobuf:"bytes,1,rep,name=nodeSelectorTerms"`
}
-// A null or empty node selector term matches no objects.
+// A null or empty node selector term matches no objects. The requirements of
+// them are ANDed.
+// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
type NodeSelectorTerm struct {
- //Required. A list of node selector requirements. The requirements are ANDed.
- MatchExpressions []NodeSelectorRequirement `json:"matchExpressions" protobuf:"bytes,1,rep,name=matchExpressions"`
+ // A list of node selector requirements by node's labels.
+ // +optional
+ MatchExpressions []NodeSelectorRequirement `json:"matchExpressions,omitempty" protobuf:"bytes,1,rep,name=matchExpressions"`
+ // A list of node selector requirements by node's fields.
+ // +optional
+ MatchFields []NodeSelectorRequirement `json:"matchFields,omitempty" protobuf:"bytes,2,rep,name=matchFields"`
}
// A node selector requirement is a selector that contains values, a key, and an operator
@@ -2563,6 +2553,27 @@ const (
NodeSelectorOpLt NodeSelectorOperator = "Lt"
)
+// A topology selector term represents the result of label queries.
+// A null or empty topology selector term matches no objects.
+// The requirements of them are ANDed.
+// It provides a subset of functionality as NodeSelectorTerm.
+// This is an alpha feature and may change in the future.
+type TopologySelectorTerm struct {
+ // A list of topology selector requirements by labels.
+ // +optional
+ MatchLabelExpressions []TopologySelectorLabelRequirement `json:"matchLabelExpressions,omitempty" protobuf:"bytes,1,rep,name=matchLabelExpressions"`
+}
+
+// A topology selector requirement is a selector that matches given label.
+// This is an alpha feature and may change in the future.
+type TopologySelectorLabelRequirement struct {
+ // The label key that the selector applies to.
+ Key string `json:"key" protobuf:"bytes,1,opt,name=key"`
+ // An array of string values. One value must match the label to be selected.
+ // Each entry in Values is ORed.
+ Values []string `json:"values" protobuf:"bytes,2,rep,name=values"`
+}
+
// Affinity is a group of affinity scheduling rules.
type Affinity struct {
// Describes node affinity scheduling rules for the pod.
@@ -2795,6 +2806,12 @@ const (
TolerationOpEqual TolerationOperator = "Equal"
)
+// PodReadinessGate contains the reference to a pod condition
+type PodReadinessGate struct {
+ // ConditionType refers to a condition in the pod's condition list with matching type.
+ ConditionType PodConditionType `json:"conditionType" protobuf:"bytes,1,opt,name=conditionType,casttype=PodConditionType"`
+}
+
// PodSpec is a description of a pod.
type PodSpec struct {
// List of volumes that can be mounted by containers belonging to the pod.
@@ -2899,7 +2916,7 @@ type PodSpec struct {
// in the same pod, and the first process in each container will not be assigned PID 1.
// HostPID and ShareProcessNamespace cannot both be set.
// Optional: Default to false.
- // This field is alpha-level and is honored only by servers that enable the PodShareProcessNamespace feature.
+ // This field is beta-level and may be disabled with the PodShareProcessNamespace feature.
// +k8s:conversion-gen=false
// +optional
ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty" protobuf:"varint,27,opt,name=shareProcessNamespace"`
@@ -2959,8 +2976,48 @@ type PodSpec struct {
// configuration based on DNSPolicy.
// +optional
DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"`
+ // If specified, all readiness gates will be evaluated for pod readiness.
+ // A pod is ready when all its containers are ready AND
+ // all conditions specified in the readiness gates have status equal to "True"
+ // More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md
+ // +optional
+ ReadinessGates []PodReadinessGate `json:"readinessGates,omitempty" protobuf:"bytes,28,opt,name=readinessGates"`
+ // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+ // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
+ // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+ // empty definition that uses the default runtime handler.
+ // More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
+ // This is a beta feature as of Kubernetes v1.14.
+ // +optional
+ RuntimeClassName *string `json:"runtimeClassName,omitempty" protobuf:"bytes,29,opt,name=runtimeClassName"`
+ // EnableServiceLinks indicates whether information about services should be injected into pod's
+ // environment variables, matching the syntax of Docker links.
+ // Optional: Defaults to true.
+ // +optional
+ EnableServiceLinks *bool `json:"enableServiceLinks,omitempty" protobuf:"varint,30,opt,name=enableServiceLinks"`
+ // PreemptionPolicy is the Policy for preempting pods with lower priority.
+ // One of Never, PreemptLowerPriority.
+ // Defaults to PreemptLowerPriority if unset.
+ // This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.
+ // +optional
+ PreemptionPolicy *PreemptionPolicy `json:"preemptionPolicy,omitempty" protobuf:"bytes,31,opt,name=preemptionPolicy"`
+ // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+ // This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+ // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+ // The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+ // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
+ // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
+ // More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md
+ // This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.
+ // +optional
+ Overhead ResourceList `json:"overhead,omitempty" protobuf:"bytes,32,opt,name=overhead"`
}
+const (
+ // The default value for enableServiceLinks attribute.
+ DefaultEnableServiceLinks = true
+)
+
// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
// pod's hosts file.
type HostAlias struct {
@@ -2981,6 +3038,9 @@ type PodSecurityContext struct {
// takes precedence for that container.
// +optional
SELinuxOptions *SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,1,opt,name=seLinuxOptions"`
+ // Windows security options.
+ // +optional
+ WindowsOptions *WindowsSecurityContextOptions `json:"windowsOptions,omitempty" protobuf:"bytes,8,opt,name=windowsOptions"`
// The UID to run the entrypoint of the container process.
// Defaults to user specified in image metadata if unspecified.
// May also be set in SecurityContext. If set in both SecurityContext and
@@ -3019,6 +3079,10 @@ type PodSecurityContext struct {
// If unset, the Kubelet will not modify the ownership and permissions of any volume.
// +optional
FSGroup *int64 `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup"`
+ // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ // sysctls (by the container runtime) might fail to launch.
+ // +optional
+ Sysctls []Sysctl `json:"sysctls,omitempty" protobuf:"bytes,7,rep,name=sysctls"`
}
// PodQOSClass defines the supported qos classes of Pods.
@@ -3063,9 +3127,26 @@ type PodDNSConfigOption struct {
}
// PodStatus represents information about the status of a pod. Status may trail the actual
-// state of a system.
+// state of a system, especially if the node that hosts the pod cannot contact the control
+// plane.
type PodStatus struct {
- // Current condition of the pod.
+ // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle.
+ // The conditions array, the reason and message fields, and the individual container status
+ // arrays contain more detail about the pod's status.
+ // There are five possible phase values:
+ //
+ // Pending: The pod has been accepted by the Kubernetes system, but one or more of the
+ // container images has not been created. This includes time before being scheduled as
+ // well as time spent downloading images over the network, which could take a while.
+ // Running: The pod has been bound to a node, and all of the containers have been created.
+ // At least one container is still running, or is in the process of starting or restarting.
+ // Succeeded: All containers in the pod have terminated in success, and will not be restarted.
+ // Failed: All containers in the pod have terminated, and at least one container has
+ // terminated in failure. The container either exited with non-zero status or was terminated
+ // by the system.
+ // Unknown: For some reason the state of the pod could not be obtained, typically due to an
+ // error in communicating with the host of the pod.
+ //
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
// +optional
Phase PodPhase `json:"phase,omitempty" protobuf:"bytes,1,opt,name=phase,casttype=PodPhase"`
@@ -3320,8 +3401,8 @@ type ReplicationControllerCondition struct {
}
// +genclient
-// +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/extensions/v1beta1.Scale
-// +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/extensions/v1beta1.Scale,result=k8s.io/api/extensions/v1beta1.Scale
+// +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/autoscaling/v1.Scale
+// +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/autoscaling/v1.Scale,result=k8s.io/api/autoscaling/v1.Scale
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ReplicationController represents the configuration of a replication controller.
@@ -3461,6 +3542,9 @@ type ServiceSpec struct {
// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
// +patchMergeKey=port
// +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=port
+ // +listMapKey=protocol
Ports []ServicePort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"port" protobuf:"bytes,1,rep,name=ports"`
// Route service traffic to pods with label keys and values matching this
@@ -3497,7 +3581,7 @@ type ServiceSpec struct {
// "LoadBalancer" builds on NodePort and creates an
// external load-balancer (if supported in the current cloud) which routes
// to the clusterIP.
- // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types
+ // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
// +optional
Type ServiceType `json:"type,omitempty" protobuf:"bytes,4,opt,name=type,casttype=ServiceType"`
@@ -3562,9 +3646,6 @@ type ServiceSpec struct {
// The primary use case for setting this field is to use a StatefulSet's Headless Service
// to propagate SRV records for its Pods without respect to their readiness for purpose
// of peer discovery.
- // This field will replace the service.alpha.kubernetes.io/tolerate-unready-endpoints
- // when that annotation is deprecated and all clients have been converted to use this
- // field.
// +optional
PublishNotReadyAddresses bool `json:"publishNotReadyAddresses,omitempty" protobuf:"varint,13,opt,name=publishNotReadyAddresses"`
// sessionAffinityConfig contains the configurations of session affinity.
@@ -3581,7 +3662,7 @@ type ServicePort struct {
// +optional
Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
- // The IP protocol for this port. Supports "TCP" and "UDP".
+ // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
// Default is TCP.
// +optional
Protocol Protocol `json:"protocol,omitempty" protobuf:"bytes,2,opt,name=protocol,casttype=Protocol"`
@@ -3610,6 +3691,7 @@ type ServicePort struct {
}
// +genclient
+// +genclient:skipVerbs=deleteCollection
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Service is a named abstraction of software service (for example, mysql) consisting of local port
@@ -3794,7 +3876,7 @@ type EndpointPort struct {
Port int32 `json:"port" protobuf:"varint,2,opt,name=port"`
// The IP protocol for this port.
- // Must be UDP or TCP.
+ // Must be UDP, TCP, or SCTP.
// Default is TCP.
// +optional
Protocol Protocol `json:"protocol,omitempty" protobuf:"bytes,3,opt,name=protocol,casttype=Protocol"`
@@ -3819,10 +3901,6 @@ type NodeSpec struct {
// PodCIDR represents the pod IP range assigned to the node.
// +optional
PodCIDR string `json:"podCIDR,omitempty" protobuf:"bytes,1,opt,name=podCIDR"`
- // External ID of the node assigned by some machine database (e.g. a cloud provider).
- // Deprecated.
- // +optional
- ExternalID string `json:"externalID,omitempty" protobuf:"bytes,2,opt,name=externalID"`
// ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
// +optional
ProviderID string `json:"providerID,omitempty" protobuf:"bytes,3,opt,name=providerID"`
@@ -3837,14 +3915,53 @@ type NodeSpec struct {
// The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field
// +optional
ConfigSource *NodeConfigSource `json:"configSource,omitempty" protobuf:"bytes,6,opt,name=configSource"`
-}
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+ // Deprecated. Not all kubelets will set this field. Remove field after 1.13.
+ // see: https://issues.k8s.io/61966
+ // +optional
+ DoNotUse_ExternalID string `json:"externalID,omitempty" protobuf:"bytes,2,opt,name=externalID"`
+}
// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.
type NodeConfigSource struct {
- metav1.TypeMeta `json:",inline"`
- ConfigMapRef *ObjectReference `json:"configMapRef,omitempty" protobuf:"bytes,1,opt,name=configMapRef"`
+ // For historical context, regarding the below kind, apiVersion, and configMapRef deprecation tags:
+ // 1. kind/apiVersion were used by the kubelet to persist this struct to disk (they had no protobuf tags)
+ // 2. configMapRef and proto tag 1 were used by the API to refer to a configmap,
+ // but used a generic ObjectReference type that didn't really have the fields we needed
+ // All uses/persistence of the NodeConfigSource struct prior to 1.11 were gated by alpha feature flags,
+ // so there was no persisted data for these fields that needed to be migrated/handled.
+
+ // +k8s:deprecated=kind
+ // +k8s:deprecated=apiVersion
+ // +k8s:deprecated=configMapRef,protobuf=1
+
+ // ConfigMap is a reference to a Node's ConfigMap
+ ConfigMap *ConfigMapNodeConfigSource `json:"configMap,omitempty" protobuf:"bytes,2,opt,name=configMap"`
+}
+
+// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.
+type ConfigMapNodeConfigSource struct {
+ // Namespace is the metadata.namespace of the referenced ConfigMap.
+ // This field is required in all cases.
+ Namespace string `json:"namespace" protobuf:"bytes,1,opt,name=namespace"`
+
+ // Name is the metadata.name of the referenced ConfigMap.
+ // This field is required in all cases.
+ Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
+
+ // UID is the metadata.UID of the referenced ConfigMap.
+ // This field is forbidden in Node.Spec, and required in Node.Status.
+ // +optional
+ UID types.UID `json:"uid,omitempty" protobuf:"bytes,3,opt,name=uid"`
+
+ // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap.
+ // This field is forbidden in Node.Spec, and required in Node.Status.
+ // +optional
+ ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,4,opt,name=resourceVersion"`
+
+ // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure
+ // This field is required in all cases.
+ KubeletConfigKey string `json:"kubeletConfigKey" protobuf:"bytes,5,opt,name=kubeletConfigKey"`
}
// DaemonEndpoint contains information about a single Daemon endpoint.
@@ -3894,6 +4011,53 @@ type NodeSystemInfo struct {
Architecture string `json:"architecture" protobuf:"bytes,10,opt,name=architecture"`
}
+// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
+type NodeConfigStatus struct {
+ // Assigned reports the checkpointed config the node will try to use.
+ // When Node.Spec.ConfigSource is updated, the node checkpoints the associated
+ // config payload to local disk, along with a record indicating intended
+ // config. The node refers to this record to choose its config checkpoint, and
+ // reports this record in Assigned. Assigned only updates in the status after
+ // the record has been checkpointed to disk. When the Kubelet is restarted,
+ // it tries to make the Assigned config the Active config by loading and
+ // validating the checkpointed payload identified by Assigned.
+ // +optional
+ Assigned *NodeConfigSource `json:"assigned,omitempty" protobuf:"bytes,1,opt,name=assigned"`
+ // Active reports the checkpointed config the node is actively using.
+ // Active will represent either the current version of the Assigned config,
+ // or the current LastKnownGood config, depending on whether attempting to use the
+ // Assigned config results in an error.
+ // +optional
+ Active *NodeConfigSource `json:"active,omitempty" protobuf:"bytes,2,opt,name=active"`
+ // LastKnownGood reports the checkpointed config the node will fall back to
+ // when it encounters an error attempting to use the Assigned config.
+ // The Assigned config becomes the LastKnownGood config when the node determines
+ // that the Assigned config is stable and correct.
+ // This is currently implemented as a 10-minute soak period starting when the local
+ // record of Assigned config is updated. If the Assigned config is Active at the end
+ // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is
+ // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil,
+ // because the local default config is always assumed good.
+ // You should not make assumptions about the node's method of determining config stability
+ // and correctness, as this may change or become configurable in the future.
+ // +optional
+ LastKnownGood *NodeConfigSource `json:"lastKnownGood,omitempty" protobuf:"bytes,3,opt,name=lastKnownGood"`
+ // Error describes any problems reconciling the Spec.ConfigSource to the Active config.
+ // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned
+ // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting
+ // to load or validate the Assigned config, etc.
+ // Errors may occur at different points while syncing config. Earlier errors (e.g. download or
+ // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across
+ // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in
+ // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error
+ // by fixing the config assigned in Spec.ConfigSource.
+ // You can find additional information for debugging by searching the error message in the Kubelet log.
+ // Error is a human-readable description of the error state; machines can check whether or not Error
+ // is empty, but should not rely on the stability of the Error text across Kubelet versions.
+ // +optional
+ Error string `json:"error,omitempty" protobuf:"bytes,4,opt,name=error"`
+}
+
// NodeStatus is information about the current status of a node.
type NodeStatus struct {
// Capacity represents the total resources of a node.
@@ -3938,6 +4102,9 @@ type NodeStatus struct {
// List of volumes that are attached to the node.
// +optional
VolumesAttached []AttachedVolume `json:"volumesAttached,omitempty" protobuf:"bytes,10,rep,name=volumesAttached"`
+ // Status of the config assigned to the node via the dynamic Kubelet config feature.
+ // +optional
+ Config *NodeConfigStatus `json:"config,omitempty" protobuf:"bytes,11,opt,name=config"`
}
type UniqueVolumeName string
@@ -4025,8 +4192,6 @@ const (
NodePIDPressure NodeConditionType = "PIDPressure"
// NodeNetworkUnavailable means that network for the node is not correctly configured.
NodeNetworkUnavailable NodeConditionType = "NetworkUnavailable"
- // NodeKubeletConfigOk indicates whether the kubelet is correctly configured
- NodeKubeletConfigOk NodeConditionType = "KubeletConfigOk"
)
// NodeCondition contains condition information for a node.
@@ -4086,8 +4251,6 @@ const (
// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
// The resource name for ResourceEphemeralStorage is alpha and it can change across releases.
ResourceEphemeralStorage ResourceName = "ephemeral-storage"
- // NVIDIA GPU, in devices. Alpha, might change: although fractional and allowing values >1, only one whole device per node is assigned.
- ResourceNvidiaGPU ResourceName = "alpha.kubernetes.io/nvidia-gpu"
)
const (
@@ -4095,6 +4258,8 @@ const (
ResourceDefaultNamespacePrefix = "kubernetes.io/"
// Name prefix for huge page resources (alpha).
ResourceHugePagesPrefix = "hugepages-"
+ // Name prefix for storage resource limits
+ ResourceAttachableVolumesPrefix = "attachable-volumes-"
)
// ResourceList is a set of (resource name, quantity) pairs.
@@ -4177,6 +4342,7 @@ const (
// +genclient
// +genclient:nonNamespaced
+// +genclient:skipVerbs=deleteCollection
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Namespace provides a scope for Names.
@@ -4237,95 +4403,6 @@ type Preconditions struct {
UID *types.UID `json:"uid,omitempty" protobuf:"bytes,1,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
}
-// DeletionPropagation decides if a deletion will propagate to the dependents of the object, and how the garbage collector will handle the propagation.
-type DeletionPropagation string
-
-const (
- // Orphans the dependents.
- DeletePropagationOrphan DeletionPropagation = "Orphan"
- // Deletes the object from the key-value store, the garbage collector will delete the dependents in the background.
- DeletePropagationBackground DeletionPropagation = "Background"
- // The object exists in the key-value store until the garbage collector deletes all the dependents whose ownerReference.blockOwnerDeletion=true from the key-value store.
- // API sever will put the "DeletingDependents" finalizer on the object, and sets its deletionTimestamp.
- // This policy is cascading, i.e., the dependents will be deleted with Foreground.
- DeletePropagationForeground DeletionPropagation = "Foreground"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// DeleteOptions may be provided when deleting an API object
-// DEPRECATED: This type has been moved to meta/v1 and will be removed soon.
-// +k8s:openapi-gen=false
-type DeleteOptions struct {
- metav1.TypeMeta `json:",inline"`
-
- // The duration in seconds before the object should be deleted. Value must be non-negative integer.
- // The value zero indicates delete immediately. If this value is nil, the default grace period for the
- // specified type will be used.
- // Defaults to a per object value if not specified. zero means delete immediately.
- // +optional
- GracePeriodSeconds *int64 `json:"gracePeriodSeconds,omitempty" protobuf:"varint,1,opt,name=gracePeriodSeconds"`
-
- // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be
- // returned.
- // +optional
- Preconditions *Preconditions `json:"preconditions,omitempty" protobuf:"bytes,2,opt,name=preconditions"`
-
- // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7.
- // Should the dependent objects be orphaned. If true/false, the "orphan"
- // finalizer will be added to/removed from the object's finalizers list.
- // Either this field or PropagationPolicy may be set, but not both.
- // +optional
- OrphanDependents *bool `json:"orphanDependents,omitempty" protobuf:"varint,3,opt,name=orphanDependents"`
-
- // Whether and how garbage collection will be performed.
- // Either this field or OrphanDependents may be set, but not both.
- // The default policy is decided by the existing finalizer set in the
- // metadata.finalizers and the resource-specific default policy.
- // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' -
- // allow the garbage collector to delete the dependents in the background;
- // 'Foreground' - a cascading policy that deletes all dependents in the
- // foreground.
- // +optional
- PropagationPolicy *DeletionPropagation `protobuf:"bytes,4,opt,name=propagationPolicy,casttype=DeletionPropagation"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ListOptions is the query options to a standard REST list call.
-// DEPRECATED: This type has been moved to meta/v1 and will be removed soon.
-// +k8s:openapi-gen=false
-type ListOptions struct {
- metav1.TypeMeta `json:",inline"`
-
- // A selector to restrict the list of returned objects by their labels.
- // Defaults to everything.
- // +optional
- LabelSelector string `json:"labelSelector,omitempty" protobuf:"bytes,1,opt,name=labelSelector"`
- // A selector to restrict the list of returned objects by their fields.
- // Defaults to everything.
- // +optional
- FieldSelector string `json:"fieldSelector,omitempty" protobuf:"bytes,2,opt,name=fieldSelector"`
- // If true, partially initialized resources are included in the response.
- // +optional
- IncludeUninitialized bool `json:"includeUninitialized,omitempty" protobuf:"varint,6,opt,name=includeUninitialized"`
- // Watch for changes to the described resources and return them as a stream of
- // add, update, and remove notifications. Specify resourceVersion.
- // +optional
- Watch bool `json:"watch,omitempty" protobuf:"varint,3,opt,name=watch"`
- // When specified with a watch call, shows changes that occur after that particular version of a resource.
- // Defaults to changes from the beginning of history.
- // When specified for list:
- // - if unset, then the result is returned from remote storage based on quorum-read flag;
- // - if it's 0, then we simply return what we currently have in cache, no guarantee;
- // - if set to non zero, then the result is at least as fresh as given rv.
- // +optional
- ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,4,opt,name=resourceVersion"`
- // Timeout for the list/watch call.
- // +optional
- TimeoutSeconds *int64 `json:"timeoutSeconds,omitempty" protobuf:"varint,5,opt,name=timeoutSeconds"`
-}
-
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodLogOptions is the query options for a Pod's logs REST call.
@@ -4546,6 +4623,20 @@ type LocalObjectReference struct {
Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
}
+// TypedLocalObjectReference contains enough information to let you locate the
+// typed referenced object inside the same namespace.
+type TypedLocalObjectReference struct {
+ // APIGroup is the group for the resource being referenced.
+ // If APIGroup is not specified, the specified Kind must be in the core API group.
+ // For any other third-party types, APIGroup is required.
+ // +optional
+ APIGroup *string `json:"apiGroup" protobuf:"bytes,1,opt,name=apiGroup"`
+ // Kind is the type of resource being referenced
+ Kind string `json:"kind" protobuf:"bytes,2,opt,name=kind"`
+ // Name is the name of resource being referenced
+ Name string `json:"name" protobuf:"bytes,3,opt,name=name"`
+}
+
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// SerializedReference is a reference to serialized object.
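Review bot: `APIGroup` in `TypedLocalObjectReference` is marked `+optional` and is a `*string`, yet its tag is `json:"apiGroup"` without `omitempty`, so a nil group is encoded as `"apiGroup": null` instead of being left out. The other optional pointer fields added in this diff (`Config`, `ScopeSelector`, `ProcMount`) all carry `omitempty`. If the explicit null is intended, the field comment should say so, for example `// A nil APIGroup is serialized as null and selects the core API group.`. This file is vendored, so the change belongs upstream rather than in this repository.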
@@ -4651,6 +4742,7 @@ type EventSeries struct {
// Time of the last occurrence observed
LastObservedTime metav1.MicroTime `json:"lastObservedTime,omitempty" protobuf:"bytes,2,name=lastObservedTime"`
// State of this Series: Ongoing or Finished
+ // Deprecated. Planned removal for 1.18
State EventSeriesState `json:"state,omitempty" protobuf:"bytes,3,name=state"`
}
@@ -4810,11 +4902,13 @@ const (
ResourceQuotaScopeBestEffort ResourceQuotaScope = "BestEffort"
// Match all pod objects that do not have best effort quality of service
ResourceQuotaScopeNotBestEffort ResourceQuotaScope = "NotBestEffort"
+ // Match all pod objects that have priority class mentioned
+ ResourceQuotaScopePriorityClass ResourceQuotaScope = "PriorityClass"
)
// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
type ResourceQuotaSpec struct {
- // Hard is the set of desired hard limits for each named resource.
+ // hard is the set of desired hard limits for each named resource.
// More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
// +optional
Hard ResourceList `json:"hard,omitempty" protobuf:"bytes,1,rep,name=hard,casttype=ResourceList,castkey=ResourceName"`
@@ -4822,8 +4916,48 @@ type ResourceQuotaSpec struct {
// If not specified, the quota matches all objects.
// +optional
Scopes []ResourceQuotaScope `json:"scopes,omitempty" protobuf:"bytes,2,rep,name=scopes,casttype=ResourceQuotaScope"`
+ // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
+ // but expressed using ScopeSelectorOperator in combination with possible values.
+ // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
+ // +optional
+ ScopeSelector *ScopeSelector `json:"scopeSelector,omitempty" protobuf:"bytes,3,opt,name=scopeSelector"`
+}
+
+// A scope selector represents the AND of the selectors represented
+// by the scoped-resource selector requirements.
+type ScopeSelector struct {
+ // A list of scope selector requirements by scope of the resources.
+ // +optional
+ MatchExpressions []ScopedResourceSelectorRequirement `json:"matchExpressions,omitempty" protobuf:"bytes,1,rep,name=matchExpressions"`
+}
+
+// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
+// that relates the scope name and values.
+type ScopedResourceSelectorRequirement struct {
+ // The name of the scope that the selector applies to.
+ ScopeName ResourceQuotaScope `json:"scopeName" protobuf:"bytes,1,opt,name=scopeName"`
+ // Represents a scope's relationship to a set of values.
+ // Valid operators are In, NotIn, Exists, DoesNotExist.
+ Operator ScopeSelectorOperator `json:"operator" protobuf:"bytes,2,opt,name=operator,casttype=ScopedResourceSelectorOperator"`
+ // An array of string values. If the operator is In or NotIn,
+ // the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ // the values array must be empty.
+ // This array is replaced during a strategic merge patch.
+ // +optional
+ Values []string `json:"values,omitempty" protobuf:"bytes,3,rep,name=values"`
}
+// A scope selector operator is the set of operators that can be used in
+// a scope selector requirement.
+type ScopeSelectorOperator string
+
+const (
+ ScopeSelectorOpIn ScopeSelectorOperator = "In"
+ ScopeSelectorOpNotIn ScopeSelectorOperator = "NotIn"
+ ScopeSelectorOpExists ScopeSelectorOperator = "Exists"
+ ScopeSelectorOpDoesNotExist ScopeSelectorOperator = "DoesNotExist"
+)
+
// ResourceQuotaStatus defines the enforced hard limits and observed use.
type ResourceQuotaStatus struct {
// Hard is the set of enforced hard limits for each named resource.
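Review bot: The `Operator` field of `ScopedResourceSelectorRequirement` is declared as `ScopeSelectorOperator`, but its protobuf tag says `casttype=ScopedResourceSelectorOperator`, a type name that is not declared anywhere in this hunk. Whether the generated protobuf code is affected cannot be seen from here, but the tag and the Go type should name the same type, i.e. `casttype=ScopeSelectorOperator`. The four `ScopeSelectorOp*` constants also have no doc comments; one line each, stating what the operator requires of `Values` as the `Values` field comment already does, would be enough. Both are upstream fixes, since this file is vendored.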
@@ -4985,6 +5119,10 @@ const (
TLSCertKey = "tls.crt"
// TLSPrivateKeyKey is the key for the private key field in a TLS secret.
TLSPrivateKeyKey = "tls.key"
+ // SecretTypeBootstrapToken is used during the automated bootstrap process (first
+ // implemented by kubeadm). It stores tokens that are used to sign well known
+ // ConfigMaps. They are used for authn.
+ SecretTypeBootstrapToken SecretType = "bootstrap.kubernetes.io/token"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -5171,6 +5309,9 @@ type SecurityContext struct {
// PodSecurityContext, the value specified in SecurityContext takes precedence.
// +optional
SELinuxOptions *SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,3,opt,name=seLinuxOptions"`
+ // Windows security options.
+ // +optional
+ WindowsOptions *WindowsSecurityContextOptions `json:"windowsOptions,omitempty" protobuf:"bytes,10,opt,name=windowsOptions"`
// The UID to run the entrypoint of the container process.
// Defaults to user specified in image metadata if unspecified.
// May also be set in PodSecurityContext. If set in both SecurityContext and
@@ -5203,8 +5344,28 @@ type SecurityContext struct {
// 2) has CAP_SYS_ADMIN
// +optional
AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,7,opt,name=allowPrivilegeEscalation"`
+ // procMount denotes the type of proc mount to use for the containers.
+ // The default is DefaultProcMount which uses the container runtime defaults for
+ // readonly paths and masked paths.
+ // This requires the ProcMountType feature flag to be enabled.
+ // +optional
+ ProcMount *ProcMountType `json:"procMount,omitempty" protobuf:"bytes,9,opt,name=procMount"`
}
+type ProcMountType string
+
+const (
+ // DefaultProcMount uses the container runtime defaults for readonly and masked
+ // paths for /proc. Most container runtimes mask certain paths in /proc to avoid
+ // accidental security exposure of special devices or information.
+ DefaultProcMount ProcMountType = "Default"
+
+ // UnmaskedProcMount bypasses the default masking behavior of the container
+ // runtime and ensures the newly created /proc the container stays in tact with
+ // no modifications.
+ UnmaskedProcMount ProcMountType = "Unmasked"
+)
+
// SELinuxOptions are the labels to be applied to the container
type SELinuxOptions struct {
// User is a SELinux user label that applies to the container.
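Review bot: The comment on `UnmaskedProcMount` undersells the one security-sensitive value in this hunk. It says the runtime's masking is bypassed, but not that the paths `DefaultProcMount` describes as masked "to avoid accidental security exposure" become visible to the container. The comment is also garbled ("the newly created /proc the container stays in tact"). I would reword it to `// UnmaskedProcMount disables the container runtime's default masked and read-only /proc paths; the container sees /proc unmodified.` and give `ProcMountType` a doc comment, which it lacks. The wording fix belongs upstream because the file is vendored; for this repository, check that any code accepting a pod `SecurityContext` treats `procMount: Unmasked` as a privileged request rather than passing it through, which this hunk does not show.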
@@ -5221,6 +5382,21 @@ type SELinuxOptions struct {
Level string `json:"level,omitempty" protobuf:"bytes,4,opt,name=level"`
}
+// WindowsSecurityContextOptions contain Windows-specific options and credentials.
+type WindowsSecurityContextOptions struct {
+ // GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ // This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.
+ // +optional
+ GMSACredentialSpecName *string `json:"gmsaCredentialSpecName,omitempty" protobuf:"bytes,1,opt,name=gmsaCredentialSpecName"`
+
+ // GMSACredentialSpec is where the GMSA admission webhook
+ // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ // GMSA credential spec named by the GMSACredentialSpecName field.
+ // This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.
+ // +optional
+ GMSACredentialSpec *string `json:"gmsaCredentialSpec,omitempty" protobuf:"bytes,2,opt,name=gmsaCredentialSpec"`
+}
+
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// RangeAllocation is not a public type.
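Review bot: The comment on `GMSACredentialSpec` does not say what happens when a client sets the field itself, or sets it to contents that disagree with `GMSACredentialSpecName`. It is described as the place where the admission webhook inlines the credential spec, yet it is an ordinary optional field of the pod API. The comment should state who is allowed to populate the field and which component checks it against the named spec; I can't tell from this hunk whether that is the webhook or the API server. Both fields are also described as honored only when the WindowsGMSA feature flag is enabled, so a consumer of this type that does not implement them should reject or warn on a non-nil `WindowsOptions` rather than drop it silently. The file is vendored, so the comment change belongs upstream.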
@@ -5251,9 +5427,9 @@ const (
// Sysctl defines a kernel parameter to be set
type Sysctl struct {
// Name of a property to set
- Name string `protobuf:"bytes,1,opt,name=name"`
+ Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
// Value of a property to set
- Value string `protobuf:"bytes,2,opt,name=value"`
+ Value string `json:"value" protobuf:"bytes,2,opt,name=value"`
}
// NodeResources is an object for conveying resource information about a node.