diff --git a/Makefile b/Makefile
index 8718c3c..f639e5f 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ controller-gen:
GOLANGCI_LINT = ./bin/golangci-lint
colanci-lint-bin:
- $(call go-get-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.10.1)
+ $(call go-get-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.6.2)
CRD_DOCS = bin/crd-ref-docs
crd-docs-gen:
diff --git a/apis/proxy/v1alpha1/instance_types.go b/apis/proxy/v1alpha1/instance_types.go
index ce761f6..7b4ccac 100644
--- a/apis/proxy/v1alpha1/instance_types.go
+++ b/apis/proxy/v1alpha1/instance_types.go
@@ -39,6 +39,9 @@ type InstanceSpec struct {
// Resources defines the resource requirements for the HAProxy pods.
// +optional
Resources *corev1.ResourceRequirements `json:"resources"`
+ // InitContainers additional init containers
+ // +optional
+ InitContainers []corev1.Container `json:"initContainers,omitempty"`
// Sidecars additional sidecar containers
// +optional
Sidecars []corev1.Container `json:"sidecars,omitempty"`
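Review bot: The comment on the new `InitContainers` field does not say that these containers are copied unmodified into the HAProxy pod template (the statefulset.go hunk in this commit appends them as-is). Anyone who may create or update an Instance therefore decides what runs in that pod, including `securityContext` and volume mounts. I would spell that out, e.g. `// InitContainers are additional init containers appended verbatim to the HAProxy pod; names must be unique across InitContainers, Sidecars and the operator-managed containers.` The comment on `Sidecars` just below has the same gap. InstanceSpec continues outside the hunk.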
@@ -167,7 +170,7 @@ func (m *Metrics) AddToParser(p parser.Parser) error {
StatsOptions: &models.StatsOptions{
StatsEnable: true,
StatsURIPrefix: "/stats",
- StatsRefreshDelay: ptr.To((10 * time.Second).Milliseconds()),
+ StatsRefreshDelay: new((10 * time.Second).Milliseconds()),
},
},
}
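Review bot: `new((10 * time.Second).Milliseconds())` passes an expression to the built-in `new`, which only compiles with a Go 1.26 or later language version. No go.mod change is visible in this diff, so please confirm the `go` directive and the CI toolchain already allow it. The same replacement is made in every other `ptr.To` hunk of this commit (instance_types.go, both controller test files, prometheus.go, service.go, statefulset.go). The Makefile hunk moves golangci-lint back from v2.10.1 to v2.6.2 in the same commit, so the commit message should say why, and it is worth checking that the older linter accepts the new syntax. AddToParser starts and ends outside the hunk.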
@@ -183,7 +186,7 @@ func (m *Metrics) AddToParser(p parser.Parser) error {
BindParams: models.BindParams{
Name: "metrics",
},
- Port: ptr.To(int64(m.Port)),
+ Port: new(int64(m.Port)),
Address: ptr.Deref(m.Address, "0.0.0.0"),
}
configOpts = &options.ConfigurationOptions{}
@@ -300,12 +303,12 @@ func (g *GlobalConfiguration) Model() (models.Global, error) {
}
if g.StatsTimeout != nil {
- global.StatsTimeout = ptr.To(g.StatsTimeout.Milliseconds())
+ global.StatsTimeout = new(g.StatsTimeout.Milliseconds())
}
if g.Reload {
global.RuntimeAPIs = append(global.RuntimeAPIs, &models.RuntimeAPI{
- Address: ptr.To("/var/lib/haproxy/run/haproxy.sock"),
+ Address: new("/var/lib/haproxy/run/haproxy.sock"),
BindParams: models.BindParams{
ExposeFdListeners: true,
Level: "admin",
@@ -367,7 +370,7 @@ func (g *GlobalConfiguration) Model() (models.Global, error) {
}
if g.HardStopAfter != nil {
- global.HardStopAfter = ptr.To(g.HardStopAfter.Milliseconds())
+ global.HardStopAfter = new(g.HardStopAfter.Milliseconds())
}
return global, global.Validate(strfmt.Default)
@@ -563,10 +566,10 @@ func (l *GlobalLoggingConfiguration) Model() (models.LogTarget, models.GlobalLog
}
logSendHostname := models.GlobalLogSendHostname{
- Enabled: ptr.To("disabled"),
+ Enabled: new("disabled"),
}
if ptr.Deref(l.SendHostname, false) {
- logSendHostname.Enabled = ptr.To(models.GlobalLogSendHostnameEnabledEnabled)
+ logSendHostname.Enabled = new(models.GlobalLogSendHostnameEnabledEnabled)
logSendHostname.Param = ptr.Deref(l.Hostname, "")
}
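Review bot: The two assignments to `Enabled` in this hunk are written differently: the default uses the string literal `new("disabled")` while the override uses the generated constant `models.GlobalLogSendHostnameEnabledEnabled`. If the models package exports the matching constant (presumably `models.GlobalLogSendHostnameEnabledDisabled`; verify against the package), use it for the default as well so both values come from the same enum. Model() continues outside the hunk.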
@@ -671,25 +674,25 @@ func (d *DefaultsConfiguration) Model() (models.Defaults, error) {
for name, timeout := range d.Timeouts {
switch name {
case "check":
- defaults.CheckTimeout = ptr.To(timeout.Milliseconds())
+ defaults.CheckTimeout = new(timeout.Milliseconds())
case "client":
- defaults.ClientTimeout = ptr.To(timeout.Milliseconds())
+ defaults.ClientTimeout = new(timeout.Milliseconds())
case "client-fin":
- defaults.ClientFinTimeout = ptr.To(timeout.Milliseconds())
+ defaults.ClientFinTimeout = new(timeout.Milliseconds())
case "connect":
- defaults.ConnectTimeout = ptr.To(timeout.Milliseconds())
+ defaults.ConnectTimeout = new(timeout.Milliseconds())
case "http-keep-alive":
- defaults.HTTPKeepAliveTimeout = ptr.To(timeout.Milliseconds())
+ defaults.HTTPKeepAliveTimeout = new(timeout.Milliseconds())
case "http-request":
- defaults.HTTPRequestTimeout = ptr.To(timeout.Milliseconds())
+ defaults.HTTPRequestTimeout = new(timeout.Milliseconds())
case "queue":
- defaults.QueueTimeout = ptr.To(timeout.Milliseconds())
+ defaults.QueueTimeout = new(timeout.Milliseconds())
case "server":
- defaults.ServerTimeout = ptr.To(timeout.Milliseconds())
+ defaults.ServerTimeout = new(timeout.Milliseconds())
case "server-fin":
- defaults.ServerFinTimeout = ptr.To(timeout.Milliseconds())
+ defaults.ServerFinTimeout = new(timeout.Milliseconds())
case "tunnel":
- defaults.TunnelTimeout = ptr.To(timeout.Milliseconds())
+ defaults.TunnelTimeout = new(timeout.Milliseconds())
default:
return defaults, fmt.Errorf("timeout %s unknown", name)
}
diff --git a/apis/proxy/v1alpha1/zz_generated.deepcopy.go b/apis/proxy/v1alpha1/zz_generated.deepcopy.go
index a9a4713..f62a229 100644
--- a/apis/proxy/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/proxy/v1alpha1/zz_generated.deepcopy.go
@@ -418,6 +418,13 @@ func (in *InstanceSpec) DeepCopyInto(out *InstanceSpec) {
*out = new(v1.ResourceRequirements)
(*in).DeepCopyInto(*out)
}
+ if in.InitContainers != nil {
+ in, out := &in.InitContainers, &out.InitContainers
+ *out = make([]v1.Container, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
if in.Sidecars != nil {
in, out := &in.Sidecars, &out.Sidecars
*out = make([]v1.Container, len(*in))
diff --git a/controllers/instance/instance_controller_test.go b/controllers/instance/instance_controller_test.go
index 932418a..32b2099 100644
--- a/controllers/instance/instance_controller_test.go
+++ b/controllers/instance/instance_controller_test.go
@@ -21,7 +21,6 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/util/uuid"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
- "k8s.io/utils/ptr"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
@@ -92,20 +91,20 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Enabled: true,
Address: "/var/lib/rsyslog/rsyslog.sock",
Facility: "local0",
- SendHostname: ptr.To(true),
+ SendHostname: new(true),
},
TuneOptions: &proxyv1alpha1.GlobalTuneOptions{
- Maxrewrite: ptr.To(int64(3000)),
- Bufsize: ptr.To(int64(16384)),
+ Maxrewrite: new(int64(3000)),
+ Bufsize: new(int64(16384)),
},
HardStopAfter: &dur,
Ocsp: &proxyv1alpha1.GlobalOCSPConfiguration{
Mode: true,
- MaxDelay: ptr.To(int64(3600)),
- MinDelay: ptr.To(int64(300)),
+ MaxDelay: new(int64(3600)),
+ MinDelay: new(int64(300)),
HTTPProxy: &proxyv1alpha1.OcspUpdateOptionsHttpproxy{
Address: "192.168.0.10",
- Port: ptr.To(int64(8000)),
+ Port: new(int64(8000)),
},
},
},
@@ -116,10 +115,16 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Network: proxyv1alpha1.Network{
Service: proxyv1alpha1.ServiceSpec{
Enabled: true,
- Type: ptr.To(corev1.ServiceTypeLoadBalancer),
+ Type: new(corev1.ServiceTypeLoadBalancer),
Annotations: annotations,
},
},
+ InitContainers: []corev1.Container{
+ {Name: "init", Image: "init-image"},
+ },
+ Sidecars: []corev1.Container{
+ {Name: "init", Image: "init-image"},
+ },
},
}
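Review bot: The `Sidecars` fixture reuses `{Name: "init", Image: "init-image"}` from the `InitContainers` entry above it, so the generated pod template carries two containers named `init`. Kubernetes validation requires container names to be unique across init containers and regular containers, so a real API server would reject this StatefulSet. The test presumably passes only because the fake client does not run that validation. Use a distinct entry such as `{Name: "sidecar", Image: "sidecar-image"}`, and consider asserting the sidecar's name in the later expectations rather than only `HaveLen(3)`.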
@@ -146,8 +151,8 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Address: "unix@/var/lib/haproxy/run/local.sock",
Port: 9443,
Name: "https",
- AcceptProxy: ptr.To(true),
- Hidden: ptr.To(true),
+ AcceptProxy: new(true),
+ Hidden: new(true),
SSL: &configv1alpha1.SSL{
Enabled: true,
},
@@ -182,8 +187,8 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Address: "unix@/var/lib/haproxy/run/local.sock",
Port: 9443,
Name: "https",
- AcceptProxy: ptr.To(true),
- Hidden: ptr.To(true),
+ AcceptProxy: new(true),
+ Hidden: new(true),
SSL: &configv1alpha1.SSL{
Enabled: true,
},
@@ -208,8 +213,8 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Address: "unix@/var/lib/haproxy/run/local.sock",
Port: 9443,
Name: "https",
- AcceptProxy: ptr.To(true),
- Hidden: ptr.To(true),
+ AcceptProxy: new(true),
+ Hidden: new(true),
SSL: &configv1alpha1.SSL{
Enabled: true,
},
@@ -239,8 +244,8 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Address: "unix@/var/lib/haproxy/run/local.sock",
Port: 9443,
Name: "https",
- AcceptProxy: ptr.To(true),
- Hidden: ptr.To(true),
+ AcceptProxy: new(true),
+ Hidden: new(true),
SSL: &configv1alpha1.SSL{
Enabled: true,
},
@@ -289,7 +294,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Alpn: []string{"h2", "http/1.0"},
},
VerifyHost: "routername.namespace.svc",
- Weight: ptr.To(int64(256)),
+ Weight: new(int64(256)),
Check: &configv1alpha1.Check{
Enabled: true,
Inter: &metav1.Duration{Duration: 5 * time.Second},
@@ -320,7 +325,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Ocsp: true,
OcspFile: &configv1alpha1.OcspFile{
Name: "route.name2",
- Value: ptr.To(string("OCSP Response Data: ...")),
+ Value: new(string("OCSP Response Data: ...")),
},
},
Servers: []configv1alpha1.Server{
@@ -339,7 +344,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Alpn: []string{"h2", "http/1.0"},
},
VerifyHost: "routername.namespace.svc",
- Weight: ptr.To(int64(256)),
+ Weight: new(int64(256)),
Check: &configv1alpha1.Check{
Enabled: true,
Inter: &metav1.Duration{Duration: 5 * time.Second},
@@ -370,8 +375,8 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Address: "${BIND_ADDRESS}",
Port: int32(20005),
Name: fmt.Sprintf("tcp-%d", 20005),
- AcceptProxy: ptr.To(true),
- Hidden: ptr.To(true),
+ AcceptProxy: new(true),
+ Hidden: new(true),
SSL: &configv1alpha1.SSL{
Enabled: true,
},
@@ -417,9 +422,9 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Verify: "required",
Alpn: []string{"http/1.1", "h2"},
},
- Weight: ptr.To(int64(256)),
+ Weight: new(int64(256)),
VerifyHost: "routeName" + "." + "routeName" + ".svc",
- InitAddr: ptr.To("none"),
+ InitAddr: new("none"),
Check: &configv1alpha1.Check{
Enabled: true,
Inter: &metav1.Duration{Duration: 500 * time.Millisecond},
@@ -440,7 +445,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Ocsp: true,
OcspFile: &configv1alpha1.OcspFile{
Name: "route.name.tcp",
- Value: ptr.To(string("OCSP Response Data: ...")),
+ Value: new(string("OCSP Response Data: ...")),
},
},
},
@@ -454,7 +459,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Labels: labels,
},
Spec: configv1alpha1.ResolverSpec{
- ParseResolvConf: ptr.To(true),
+ ParseResolvConf: new(true),
Hold: &configv1alpha1.Hold{
Nx: &metav1.Duration{Duration: 500 * time.Millisecond},
Valid: &metav1.Duration{Duration: 1 * time.Second},
@@ -493,6 +498,9 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Ω(cli.Get(ctx, client.ObjectKey{Namespace: proxy.Namespace, Name: "bar-foo-haproxy"}, statefulSet)).ShouldNot(HaveOccurred())
Ω(statefulSet.Spec.Template.ObjectMeta.Labels["app.kubernetes.io/name"]).Should(Equal(proxy.Name + "-haproxy"))
Ω(statefulSet.Spec.Template.ObjectMeta.Labels["label-test"]).Should(Equal("ok"))
+ Ω(statefulSet.Spec.Template.Spec.InitContainers).Should(HaveLen(1))
+ Ω(statefulSet.Spec.Template.Spec.InitContainers[0].Name).Should(Equal(proxy.Spec.InitContainers[0].Name))
+ Ω(statefulSet.Spec.Template.Spec.Containers).Should(HaveLen(3))
Ω(statefulSet.Spec.Template.Spec.Containers[0].Env).Should(HaveLen(2))
})
@@ -600,7 +608,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
PeriodSeconds: 3,
SuccessThreshold: 4,
FailureThreshold: 5,
- TerminationGracePeriodSeconds: ptr.To(int64(6)),
+ TerminationGracePeriodSeconds: new(int64(6)),
}
proxy.Spec.LivenessProbe = &corev1.Probe{
@@ -677,11 +685,11 @@ var _ = Describe("Reconcile", Label("controller"), func() {
It("remove duplicate port", func() {
feAdd1 := frontendCustomCerts2.DeepCopy()
feAdd1.Name = "additional1"
- feAdd1.Spec.Binds[0].Hidden = ptr.To(false)
+ feAdd1.Spec.Binds[0].Hidden = new(false)
feAdd2 := frontendCustomCerts2.DeepCopy()
feAdd2.Name = "additional2"
- feAdd2.Spec.Binds[0].Hidden = ptr.To(false)
+ feAdd2.Spec.Binds[0].Hidden = new(false)
initObjs = append(initObjs, feAdd1, feAdd2)
diff --git a/controllers/instance/prometheus.go b/controllers/instance/prometheus.go
index 1130315..ac057af 100644
--- a/controllers/instance/prometheus.go
+++ b/controllers/instance/prometheus.go
@@ -8,7 +8,6 @@ import (
proxyv1alpha1 "github.com/six-group/haproxy-operator/apis/proxy/v1alpha1"
"github.com/six-group/haproxy-operator/pkg/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/utils/ptr"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/log"
)
@@ -46,7 +45,7 @@ func (r *Reconciler) reconcileServiceMonitor(ctx context.Context, instance *prox
Path: "/metrics",
RelabelConfigs: instance.Spec.Metrics.RelabelConfigs,
Interval: instance.Spec.Metrics.Interval,
- Scheme: ptr.To(monitoringv1.Scheme("http")),
+ Scheme: new(monitoringv1.Scheme("http")),
},
}
diff --git a/controllers/instance/service.go b/controllers/instance/service.go
index 18ef2e1..56ce688 100644
--- a/controllers/instance/service.go
+++ b/controllers/instance/service.go
@@ -131,7 +131,7 @@ func (r *Reconciler) reconcileServiceEndpoints(ctx context.Context, instance *pr
for host, ip := range instance.Spec.Network.HostIPs {
addresses = append(addresses, discoveryv1.Endpoint{
Addresses: []string{ip},
- NodeName: ptr.To(host),
+ NodeName: new(host),
})
}
sort.Slice(addresses, func(i, j int) bool {
@@ -141,9 +141,9 @@ func (r *Reconciler) reconcileServiceEndpoints(ctx context.Context, instance *pr
var ports []discoveryv1.EndpointPort
for _, port := range service.Spec.Ports {
ports = append(ports, discoveryv1.EndpointPort{
- Name: ptr.To(port.Name),
- Port: ptr.To(port.Port),
- Protocol: ptr.To(port.Protocol),
+ Name: new(port.Name),
+ Port: new(port.Port),
+ Protocol: new(port.Protocol),
})
}
sort.Slice(ports, func(i, j int) bool {
diff --git a/controllers/instance/statefulset.go b/controllers/instance/statefulset.go
index 969e771..bcd88ec 100644
--- a/controllers/instance/statefulset.go
+++ b/controllers/instance/statefulset.go
@@ -140,7 +140,7 @@ func (r *Reconciler) reconcileStatefulSet(ctx context.Context, instance *proxyv1
Name: "haproxy-config",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
- DefaultMode: ptr.To(int32(420)),
+ DefaultMode: new(int32(420)),
SecretName: utils.GetConfigSecretName(instance),
},
},
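Review bot: `DefaultMode: new(int32(420))` hides a file mode in a decimal literal; 420 is 0644, so every file projected from the config secret is readable by any UID in the containers that mount this volume. Writing it as `new(int32(0o644))` makes that visible at the point of use, and the same applies to the rsyslog-config volume in the next hunk. Whether a tighter mode such as `0o440` works depends on the user HAProxy and rsyslog run as, which the hunk does not show. reconcileStatefulSet starts and ends outside the hunk.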
@@ -160,7 +160,7 @@ func (r *Reconciler) reconcileStatefulSet(ctx context.Context, instance *proxyv1
Name: "rsyslog-config",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
- DefaultMode: ptr.To(int32(420)),
+ DefaultMode: new(int32(420)),
SecretName: utils.GetConfigSecretName(instance),
Items: []corev1.KeyToPath{
{
@@ -202,8 +202,8 @@ func (r *Reconciler) reconcileStatefulSet(ctx context.Context, instance *proxyv1
},
},
}
+
statefulset.Spec.Template.Spec.Containers = append(statefulset.Spec.Template.Spec.Containers, container)
- statefulset.Spec.Template.Spec.Containers = append(statefulset.Spec.Template.Spec.Containers, instance.Spec.Sidecars...)
}
if instance.Spec.Network.HostNetwork {
@@ -222,7 +222,7 @@ func (r *Reconciler) reconcileStatefulSet(ctx context.Context, instance *proxyv1
if ptr.Deref(instance.Spec.AllowPrivilegedPorts, false) {
statefulset.Spec.Template.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
- Privileged: ptr.To(true),
+ Privileged: new(true),
}
}
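Review bot: `Privileged: new(true)` gives the first container a fully privileged security context whenever `AllowPrivilegedPorts` is set, which is far more than binding ports below 1024 requires. Consider granting only the bind capability, `Capabilities: &corev1.Capabilities{Add: []corev1.Capability{"NET_BIND_SERVICE"}}`, provided the HAProxy user in the image can actually use it. If full privilege is really needed, a comment here should say why. The assignment also relies on `Containers[0]` being the HAProxy container, which holds only as long as user-supplied sidecars are appended afterwards, as the later hunk in this file does. reconcileStatefulSet starts and ends outside the hunk.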
@@ -277,6 +277,9 @@ func (r *Reconciler) reconcileStatefulSet(ctx context.Context, instance *proxyv1
})
}
+ statefulset.Spec.Template.Spec.InitContainers = append(statefulset.Spec.Template.Spec.InitContainers, instance.Spec.InitContainers...)
+ statefulset.Spec.Template.Spec.Containers = append(statefulset.Spec.Template.Spec.Containers, instance.Spec.Sidecars...)
+
if needsUpdate(oldObj, statefulset) {
if create {
err = r.Create(ctx, statefulset)
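Review bot: Both appends copy `instance.Spec.InitContainers` and `instance.Spec.Sidecars` into the pod template without any check. A name that collides with an operator-managed container, or between the two lists, is then caught only when the API server rejects the StatefulSet, and the user sees a reconcile error rather than a validation message on the Instance. A short loop before the appends that collects the names already in `statefulset.Spec.Template.Spec.Containers` and returns an error on a duplicate would surface this early. If `statefulset` can still carry init containers from an earlier reconcile at this point (not visible in the hunk), appending onto the existing slice would also duplicate them, and assigning a fresh slice avoids that. reconcileStatefulSet starts and ends outside the hunk.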
diff --git a/controllers/instance/statefulset_test.go b/controllers/instance/statefulset_test.go
index 447d36a..7469141 100644
--- a/controllers/instance/statefulset_test.go
+++ b/controllers/instance/statefulset_test.go
@@ -12,7 +12,6 @@ import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/uuid"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
- "k8s.io/utils/ptr"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
)
@@ -51,7 +50,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
Enabled: true,
Address: "/var/lib/rsyslog/rsyslog.sock",
Facility: "local0",
- SendHostname: ptr.To(true),
+ SendHostname: new(true),
},
},
},
diff --git a/docs/api-reference.md b/docs/api-reference.md
index b807143..201261b 100644
--- a/docs/api-reference.md
+++ b/docs/api-reference.md
@@ -1419,6 +1419,7 @@ _Appears in:_
| `rolloutOnConfigChange` _boolean_ | RolloutOnConfigChange enable rollout on config changes | | Optional: \{\}
|
| `image` _string_ | Image specifies the HaProxy image including th tag. | haproxy:latest | |
| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | Resources defines the resource requirements for the HAProxy pods. | | Optional: \{\}
|
+| `initContainers` _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#container-v1-core) array_ | InitContainers additional init containers | | Optional: \{\}
|
| `sidecars` _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#container-v1-core) array_ | Sidecars additional sidecar containers | | Optional: \{\}
|
| `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to use to run this Instance. | | Optional: \{\}
|
| `imagePullSecrets` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core) array_ | ImagePullSecrets is an optional list of secret names in the same namespace to use for pulling any of the images used. | | Optional: \{\}
|
diff --git a/helm/haproxy-operator/crds/proxy.haproxy.com_instances.yaml b/helm/haproxy-operator/crds/proxy.haproxy.com_instances.yaml
index e7dbe60..a48e312 100644
--- a/helm/haproxy-operator/crds/proxy.haproxy.com_instances.yaml
+++ b/helm/haproxy-operator/crds/proxy.haproxy.com_instances.yaml
@@ -629,6 +629,1529 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: array
+ initContainers:
+ description: InitContainers additional init containers
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: |-
+ Name of the environment variable.
+ May consist of any printable ASCII characters except '='.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ fileKeyRef:
+ description: |-
+ FileKeyRef selects a key of the env file.
+ Requires the EnvFiles feature gate to be enabled.
+ properties:
+ key:
+ description: |-
+ The key within the env file. An invalid key will prevent the pod from starting.
+ The keys defined within a source may consist of any printable ASCII characters except '='.
+ During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
+ type: string
+ optional:
+ default: false
+ description: |-
+ Specify whether the file or its key must be defined. If the file or key
+ does not exist, then the env var is not published.
+ If optional is set to true and the specified key does not exist,
+ the environment variable will not be set in the Pod's containers.
+
+ If optional is set to false and the specified key does not exist,
+ an error will be returned during Pod creation.
+ type: boolean
+ path:
+ description: |-
+ The path within the volume from which to select the file.
+ Must be relative and may not contain the '..' path or start with '..'.
+ type: string
+ volumeName:
+ description: The name of the volume mount containing
+ the env file.
+ type: string
+ required:
+ - key
+ - path
+ - volumeName
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source may consist of any printable ASCII characters except '='.
+ When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps or Secrets
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: |-
+ Optional text to prepend to the name of each environment variable.
+ May consist of any printable ASCII characters except '='.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies a command to execute in
+ the container.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to
+ perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents a duration that the container
+ should sleep.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds to
+ sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for backward compatibility. There is no validation of this field and
+ lifecycle hooks will fail at runtime when it is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies a command to execute in
+ the container.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to
+ perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents a duration that the container
+ should sleep.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds to
+ sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for backward compatibility. There is no validation of this field and
+ lifecycle hooks will fail at runtime when it is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ stopSignal:
+ description: |-
+ StopSignal defines which signal will be sent to a container when it is being stopped.
+ If not specified, the default is defined by the container runtime in use.
+ StopSignal can only be set for Pods with a non-empty .spec.os.name
+ type: string
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the
+ container.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the
+ container.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: |-
+ Resources resize policy for the container.
+ This field cannot be set on ephemeral containers.
+ items:
+ description: ContainerResizePolicy represents resource resize
+ policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This field depends on the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This overrides the pod-level restart policy. When this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Additionally, setting the RestartPolicy as "Always" for the init container will
+ have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ restartPolicyRules:
+ description: |-
+ Represents a list of rules to be checked to determine if the
+ container should be restarted on exit. The rules are evaluated in
+ order. Once a rule matches a container exit condition, the remaining
+ rules are ignored. If no rule matches the container exit condition,
+ the Container-level restart policy determines the whether the container
+ is restarted or not. Constraints on the rules:
+ - At most 20 rules are allowed.
+ - Rules can have the same action.
+ - Identical rules are not forbidden in validations.
+ When rules are specified, container MUST set RestartPolicy explicitly
+ even it if matches the Pod's RestartPolicy.
+ items:
+ description: ContainerRestartRule describes how a container
+ exit is handled.
+ properties:
+ action:
+ description: |-
+ Specifies the action taken on a container exit if the requirements
+ are satisfied. The only possible value is "Restart" to restart the
+ container.
+ type: string
+ exitCodes:
+ description: Represents the exit codes to check on container
+ exits.
+ properties:
+ operator:
+ description: |-
+ Represents the relationship between the container exit code(s) and the
+ specified values. Possible values are:
+ - In: the requirement is satisfied if the container exit code is in the
+ set of specified values.
+ - NotIn: the requirement is satisfied if the container exit code is
+ not in the set of specified values.
+ type: string
+ values:
+ description: |-
+ Specifies the set of values to check for container exit codes.
+ At most 255 elements are allowed.
+ items:
+ format: int32
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ required:
+ - operator
+ type: object
+ required:
+ - action
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies a command to execute in the
+ container.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies a GRPC HealthCheckRequest.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies an HTTP GET request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies a connection to a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
labels:
additionalProperties:
type: string