From 38874a6498d31f8f0e4802c2117bde8b870a9e57 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 4 Jan 2022 14:06:44 +0100
Subject: [PATCH] Update module sigs.k8s.io/controller-runtime to v0.11.0 (#5161)
* Update module sigs.k8s.io/controller-runtime to v0.11.0
* Run generate
* Replace corev1.Handler by corev1.LifecycleHandler
* Replace corev1.Handler by corev1.ProbeHandler
* Use logr.Discard() Relates to the breaking change https://github.com/go-logr/logr/pull/42 released in logr v1.0.0.
---
NOTICE.txt | 374 ++++-
config/crds/v1/all-crds.yaml | 433 ++---
.../v1/bases/agent.k8s.elastic.co_agents.yaml | 1267 +++++++++-----
.../bases/apm.k8s.elastic.co_apmservers.yaml | 1220 +++++++++-----
.../v1/bases/beat.k8s.elastic.co_beats.yaml | 1234 +++++++++-----
...search.k8s.elastic.co_elasticsearches.yaml | 1477 ++++++++++++-----
...rch.k8s.elastic.co_enterprisesearches.yaml | 1220 +++++++++-----
.../bases/kibana.k8s.elastic.co_kibanas.yaml | 1220 +++++++++-----
...aps.k8s.elastic.co_elasticmapsservers.yaml | 610 ++++---
.../eck-operator-crds/templates/all-crds.yaml | 433 ++---
docs/reference/dependencies.asciidoc | 43 +-
go.mod | 16 +-
go.sum | 92 +-
pkg/controller/apmserver/deployment_test.go | 2 +-
pkg/controller/apmserver/pod.go | 2 +-
pkg/controller/beat/common/config_test.go | 5 +-
pkg/controller/common/container/defaulter.go | 2 +-
.../common/defaults/pod_template.go | 2 +-
.../common/defaults/pod_template_test.go | 22 +-
.../elasticsearch/nodespec/lifecycle_hook.go | 4 +-
.../elasticsearch/nodespec/readiness_probe.go | 2 +-
pkg/controller/enterprisesearch/pod.go | 2 +-
pkg/controller/kibana/driver_test.go | 4 +-
pkg/controller/kibana/pod.go | 2 +-
pkg/controller/maps/pod.go | 2 +-
25 files changed, 6610 insertions(+), 3080 deletions(-)
diff --git a/NOTICE.txt b/NOTICE.txt
index 332dd0b2dd1..1e70a381419 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -405,11 +405,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Module : github.com/go-logr/logr -Version : v0.4.0 -Time : 2021-01-23T00:09:52Z +Version : v1.2.0 +Time : 2021-10-20T18:15:37Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/github.com/go-logr/logr@v0.4.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/go-logr/logr@v1.2.0/LICENSE: Apache License Version 2.0, January 2004 @@ -1841,11 +1841,11 @@ Contents of probable licence file $GOMODCACHE/github.com/prometheus/client_golan -------------------------------------------------------------------------------- Module : github.com/prometheus/common -Version : v0.26.0 -Time : 2021-06-03T08:22:19Z +Version : v0.28.0 +Time : 2021-06-07T13:15:57Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/github.com/prometheus/common@v0.26.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/prometheus/common@v0.28.0/LICENSE: Apache License Version 2.0, January 2004 @@ -3182,11 +3182,11 @@ limitations under the License. -------------------------------------------------------------------------------- Module : k8s.io/api -Version : v0.22.4 -Time : 2021-11-17T23:34:20Z +Version : v0.23.0 +Time : 2021-12-07T21:05:34Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/k8s.io/api@v0.22.4/LICENSE: +Contents of probable licence file $GOMODCACHE/k8s.io/api@v0.23.0/LICENSE: Apache License 
@@ -3394,11 +3394,11 @@ Contents of probable licence file $GOMODCACHE/k8s.io/api@v0.22.4/LICENSE: -------------------------------------------------------------------------------- Module : k8s.io/apimachinery -Version : v0.22.4 -Time : 2021-11-11T07:24:29Z +Version : v0.23.0 +Time : 2021-12-03T08:58:06Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/k8s.io/apimachinery@v0.22.4/LICENSE: +Contents of probable licence file $GOMODCACHE/k8s.io/apimachinery@v0.23.0/LICENSE: Apache License @@ -3606,11 +3606,11 @@ Contents of probable licence file $GOMODCACHE/k8s.io/apimachinery@v0.22.4/LICENS -------------------------------------------------------------------------------- Module : k8s.io/client-go -Version : v0.22.4 -Time : 2021-11-17T23:48:57Z +Version : v0.23.0 +Time : 2021-12-07T21:10:26Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/k8s.io/client-go@v0.22.4/LICENSE: +Contents of probable licence file $GOMODCACHE/k8s.io/client-go@v0.23.0/LICENSE: Apache License @@ -3818,11 +3818,11 @@ Contents of probable licence file $GOMODCACHE/k8s.io/client-go@v0.22.4/LICENSE: -------------------------------------------------------------------------------- Module : k8s.io/klog/v2 -Version : v2.10.0 -Time : 2021-07-05T16:16:55Z +Version : v2.30.0 +Time : 2021-10-22T07:54:37Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/k8s.io/klog/v2@v2.10.0/LICENSE: +Contents of probable licence file $GOMODCACHE/k8s.io/klog/v2@v2.30.0/LICENSE: Apache License Version 2.0, January 2004 
@@ -4019,11 +4019,11 @@ third-party archives. -------------------------------------------------------------------------------- Module : k8s.io/utils -Version : v0.0.0-20210819203725-bdf08cb9a70a -Time : 2021-08-19T20:37:25Z +Version : v0.0.0-20210930125809-cb0fa318a74b +Time : 2021-09-30T12:58:09Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/k8s.io/utils@v0.0.0-20210819203725-bdf08cb9a70a/LICENSE: +Contents of probable licence file $GOMODCACHE/k8s.io/utils@v0.0.0-20210930125809-cb0fa318a74b/LICENSE: Apache License @@ -4231,11 +4231,11 @@ Contents of probable licence file $GOMODCACHE/k8s.io/utils@v0.0.0-20210819203725 -------------------------------------------------------------------------------- Module : sigs.k8s.io/controller-runtime -Version : v0.10.3 -Time : 2021-11-10T15:01:27Z +Version : v0.11.0 +Time : 2021-12-08T21:25:46Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/sigs.k8s.io/controller-runtime@v0.10.3/LICENSE: +Contents of probable licence file $GOMODCACHE/sigs.k8s.io/controller-runtime@v0.11.0/LICENSE: Apache License Version 2.0, January 2004 @@ -6080,11 +6080,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Module : github.com/evanphx/json-patch -Version : v4.11.0+incompatible -Time : 2021-06-04T04:51:04Z +Version : v4.12.0+incompatible +Time : 2021-10-21T16:40:42Z Licence : BSD-3-Clause -Contents of probable licence file $GOMODCACHE/github.com/evanphx/json-patch@v4.11.0+incompatible/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/evanphx/json-patch@v4.12.0+incompatible/LICENSE: Copyright (c) 2014, Evan Phoenix All rights reserved. 
@@ -6206,11 +6206,11 @@ SOFTWARE. -------------------------------------------------------------------------------- Module : github.com/go-logr/zapr -Version : v0.4.0 -Time : 2021-01-23T00:04:02Z +Version : v1.2.0 +Time : 2021-10-20T19:06:37Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/github.com/go-logr/zapr@v0.4.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/go-logr/zapr@v1.2.0/LICENSE: Apache License Version 2.0, January 2004 @@ -15311,11 +15311,11 @@ Contents of probable licence file $GOMODCACHE/github.com/oklog/run@v1.0.0/LICENS -------------------------------------------------------------------------------- Module : github.com/onsi/ginkgo -Version : v1.16.4 -Time : 2021-06-02T18:20:44Z +Version : v1.16.5 +Time : 2021-10-11T17:27:58Z Licence : MIT -Contents of probable licence file $GOMODCACHE/github.com/onsi/ginkgo@v1.16.4/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/onsi/ginkgo@v1.16.5/LICENSE: Copyright (c) 2013-2014 Onsi Fakhouri @@ -15341,11 +15341,11 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- Module : github.com/onsi/gomega -Version : v1.15.0 -Time : 2021-08-05T19:36:13Z +Version : v1.17.0 +Time : 2021-11-07T19:22:36Z Licence : MIT -Contents of probable licence file $GOMODCACHE/github.com/onsi/gomega@v1.15.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/onsi/gomega@v1.17.0/LICENSE: Copyright (c) 2013-2014 Onsi Fakhouri 
@@ -16838,11 +16838,11 @@ THE SOFTWARE. -------------------------------------------------------------------------------- Module : go.uber.org/goleak -Version : v1.1.11-0.20210813005559-691160354723 -Time : 2021-08-13T00:55:59Z +Version : v1.1.12 +Time : 2021-10-04T22:15:00Z Licence : MIT -Contents of probable licence file $GOMODCACHE/go.uber.org/goleak@v1.1.11-0.20210813005559-691160354723/LICENSE: +Contents of probable licence file $GOMODCACHE/go.uber.org/goleak@v1.1.12/LICENSE: The MIT License (MIT) @@ -17009,11 +17009,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Module : golang.org/x/net -Version : v0.0.0-20210813160813-60bc85c4be6d -Time : 2021-08-13T16:08:13Z +Version : v0.0.0-20210825183410-e898025ed96a +Time : 2021-08-25T18:34:10Z Licence : BSD-3-Clause -Contents of probable licence file $GOMODCACHE/golang.org/x/net@v0.0.0-20210813160813-60bc85c4be6d/LICENSE: +Contents of probable licence file $GOMODCACHE/golang.org/x/net@v0.0.0-20210825183410-e898025ed96a/LICENSE: Copyright (c) 2009 The Go Authors. All rights reserved. @@ -17120,11 +17120,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Module : golang.org/x/term -Version : v0.0.0-20210220032956-6a3ed077a48d -Time : 2021-02-20T03:29:56Z +Version : v0.0.0-20210615171337-6886f2dfbf5b +Time : 2021-06-15T17:13:37Z Licence : BSD-3-Clause -Contents of probable licence file $GOMODCACHE/golang.org/x/term@v0.0.0-20210220032956-6a3ed077a48d/LICENSE: +Contents of probable licence file $GOMODCACHE/golang.org/x/term@v0.0.0-20210615171337-6886f2dfbf5b/LICENSE: Copyright (c) 2009 The Go Authors. All rights reserved. 
@@ -17231,11 +17231,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Module : golang.org/x/tools -Version : v0.1.5 -Time : 2021-07-13T20:15:39Z +Version : v0.1.6-0.20210820212750-d4cc65f0b2ff +Time : 2021-08-20T21:27:50Z Licence : BSD-3-Clause -Contents of probable licence file $GOMODCACHE/golang.org/x/tools@v0.1.5/LICENSE: +Contents of probable licence file $GOMODCACHE/golang.org/x/tools@v0.1.6-0.20210820212750-d4cc65f0b2ff/LICENSE: Copyright (c) 2009 The Go Authors. All rights reserved. @@ -18815,11 +18815,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Module : k8s.io/apiextensions-apiserver -Version : v0.22.2 -Time : 2021-09-17T12:56:44Z +Version : v0.23.0 +Time : 2021-12-07T21:29:24Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/k8s.io/apiextensions-apiserver@v0.22.2/LICENSE: +Contents of probable licence file $GOMODCACHE/k8s.io/apiextensions-apiserver@v0.23.0/LICENSE: Apache License @@ -19027,11 +19027,11 @@ Contents of probable licence file $GOMODCACHE/k8s.io/apiextensions-apiserver@v0. -------------------------------------------------------------------------------- Module : k8s.io/component-base -Version : v0.22.2 -Time : 2021-09-17T12:13:20Z +Version : v0.23.0 +Time : 2021-12-07T21:12:18Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/k8s.io/component-base@v0.22.2/LICENSE: +Contents of probable licence file $GOMODCACHE/k8s.io/component-base@v0.23.0/LICENSE: Apache License 
@@ -19239,11 +19239,11 @@ Contents of probable licence file $GOMODCACHE/k8s.io/component-base@v0.22.2/LICE -------------------------------------------------------------------------------- Module : k8s.io/kube-openapi -Version : v0.0.0-20211109043538-20434351676c -Time : 2021-11-09T04:35:38Z +Version : v0.0.0-20211115234752-e816edb12b65 +Time : 2021-11-15T23:47:52Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/k8s.io/kube-openapi@v0.0.0-20211109043538-20434351676c/LICENSE: +Contents of probable licence file $GOMODCACHE/k8s.io/kube-openapi@v0.0.0-20211115234752-e816edb12b65/LICENSE: Apache License 
@@ -19449,13 +19449,261 @@ Contents of probable licence file $GOMODCACHE/k8s.io/kube-openapi@v0.0.0-2021110 limitations under the License. +-------------------------------------------------------------------------------- +Module : sigs.k8s.io/json +Version : v0.0.0-20211020170558-c049b76a60c6 +Time : 2021-10-20T17:05:58Z +Licence : Apache-2.0 + +Contents of probable licence file $GOMODCACHE/sigs.k8s.io/json@v0.0.0-20211020170558-c049b76a60c6/LICENSE: + +Files other than internal/golang/* licensed under: + + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. 
+ + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +------------------ + +internal/golang/* files licensed under: + + +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + -------------------------------------------------------------------------------- Module : sigs.k8s.io/structured-merge-diff/v4 -Version : v4.1.2 -Time : 2021-06-28T15:47:25Z +Version : v4.2.0 +Time : 2021-10-27T23:59:03Z Licence : Apache-2.0 -Contents of probable licence file $GOMODCACHE/sigs.k8s.io/structured-merge-diff/v4@v4.1.2/LICENSE: +Contents of probable licence file $GOMODCACHE/sigs.k8s.io/structured-merge-diff/v4@v4.2.0/LICENSE: Apache License Version 2.0, January 2004 @@ -19662,11 +19910,11 @@ Contents of probable licence file $GOMODCACHE/sigs.k8s.io/structured-merge-diff/ -------------------------------------------------------------------------------- Module : sigs.k8s.io/yaml -Version : v1.2.0 -Time : 2020-02-04T15:11:26Z +Version : v1.3.0 +Time : 2021-09-22T21:48:32Z Licence : MIT -Contents of probable licence file $GOMODCACHE/sigs.k8s.io/yaml@v1.2.0/LICENSE: +Contents of probable licence file $GOMODCACHE/sigs.k8s.io/yaml@v1.3.0/LICENSE: The MIT License (MIT) diff --git a/config/crds/v1/all-crds.yaml b/config/crds/v1/all-crds.yaml index f1da4e69f29..24e4b3d72d4 100644 --- a/config/crds/v1/all-crds.yaml +++ b/config/crds/v1/all-crds.yaml 
@@ -355,12 +355,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -421,21 +418,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -449,17 +445,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -981,12 +976,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -1047,21 +1039,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -1075,17 +1066,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -1580,12 +1570,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -1646,21 +1633,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -1674,17 +1660,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -2544,12 +2529,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -2610,21 +2592,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -2638,17 +2619,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -3108,12 +3088,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -3174,21 +3151,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -3202,17 +3178,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -3668,7 +3643,11 @@ spec: type: object resources: description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: 
@@ -3769,6 +3748,27 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object capacity: additionalProperties: anyOf: @@ -3822,6 +3822,14 @@ spec: description: Phase represents the current phase of PersistentVolumeClaim. type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string type: object type: object type: array 
@@ -4099,12 +4107,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -4165,21 +4170,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -4193,17 +4197,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -4630,12 +4633,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -4696,21 +4696,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -4724,17 +4723,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -5113,7 +5111,11 @@ spec: type: object resources: description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: 
@@ -5214,6 +5216,27 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object capacity: additionalProperties: anyOf: @@ -5267,6 +5290,14 @@ spec: description: Phase represents the current phase of PersistentVolumeClaim. type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string type: object type: object type: array 
@@ -5665,12 +5696,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -5731,21 +5759,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -5759,17 +5786,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -6215,12 +6241,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -6281,21 +6304,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -6309,17 +6331,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -6797,12 +6818,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -6863,21 +6881,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -6891,17 +6908,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -7450,12 +7466,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -7516,21 +7529,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -7544,17 +7556,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load diff --git a/config/crds/v1/bases/agent.k8s.elastic.co_agents.yaml b/config/crds/v1/bases/agent.k8s.elastic.co_agents.yaml index 4b7c104e059..12742edb1c1 100644 --- a/config/crds/v1/bases/agent.k8s.elastic.co_agents.yaml +++ b/config/crds/v1/bases/agent.k8s.elastic.co_agents.yaml @@ -1317,9 +1317,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -1390,10 +1389,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -1418,21 +1419,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -1503,10 +1502,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -1532,9 +1533,7 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1558,6 +1557,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1625,10 +1644,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -1736,9 +1753,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1762,6 +1777,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1829,10 +1864,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -1919,13 +1952,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities @@ -1946,7 +1982,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -1954,11 +1991,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -1966,7 +2006,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: 
@@ -1988,6 +2029,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -1997,7 +2040,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label @@ -2020,7 +2064,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -2049,7 +2095,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -2103,9 +2150,7 @@ spec: cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -2129,6 +2174,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2196,10 +2261,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -2429,22 +2492,21 @@ spec: it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field - is alpha-level and is only honored by servers that enable - the EphemeralContainers feature. + is beta-level and available on clusters that haven't + disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that - may be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they - will not be restarted when they exit or when a pod - is removed or restarted. If an ephemeral container - causes a pod to exceed its resource allocation, the - pod may be evicted. Ephemeral containers may not be - added by directly updating the pod spec. They must - be added via the pod's ephemeralcontainers subresource, - and they will appear in the pod spec once added. This - is an alpha feature enabled by the EphemeralContainers - feature flag. + will not be restarted when they exit or when a Pod + is removed or restarted. The kubelet may evict a Pod + if an ephemeral container causes the Pod to exceed + its resource allocation. \n To add an ephemeral container, + use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + \n This is a beta feature available on clusters that + haven't disabled the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -2670,9 +2732,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -2743,10 +2804,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -2771,21 +2834,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -2856,10 +2917,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -2884,9 +2947,7 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -2910,6 +2971,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2977,10 +3058,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3072,14 +3151,16 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -3103,6 +3184,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3170,10 +3271,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3261,13 +3360,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -3288,7 +3390,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -3296,11 +3399,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -3308,7 +3414,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -3330,6 +3437,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -3339,7 +3448,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label 
@@ -3362,7 +3472,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -3391,7 +3503,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -3437,9 +3550,7 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3463,6 +3574,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -3530,10 +3661,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3599,13 +3728,15 @@ spec: stdin will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from - PodSpec that this ephemeral container targets. + description: "If set, the name of the container + from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that the - container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container runtime + must implement support for this feature. If the + runtime does not support namespace targeting then + the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to @@ -3657,7 +3788,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -4019,9 +4151,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -4092,10 +4223,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -4120,21 +4253,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -4205,10 +4336,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -4234,9 +4367,7 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -4260,6 +4391,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4327,10 +4478,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4438,9 +4587,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -4464,6 +4611,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4531,10 +4698,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4621,13 +4786,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities @@ -4648,7 +4816,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -4656,11 +4825,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -4668,7 +4840,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: 
@@ -4690,6 +4863,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -4699,7 +4874,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label @@ -4722,7 +4898,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -4751,7 +4929,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -4805,9 +4984,7 @@ spec: cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4831,6 +5008,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4898,10 +5095,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5086,6 +5281,38 @@ spec: that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the + pod. Some pod and container fields are restricted if + this is set. \n If the OS field is set to linux, the + following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - + spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can + be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as os: + null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -5186,7 +5413,8 @@ spec: created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership - and permissions of any volume." + and permissions of any volume. Note that this field + cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: @@ -5197,7 +5425,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used.' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -5205,7 +5435,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for - that container. + that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -5224,7 +5455,8 @@ spec: image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -5234,7 +5466,8 @@ spec: container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that 
@@ -5255,7 +5488,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5280,7 +5514,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups - will be added to any container. + will be added to any container. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -5289,6 +5524,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5310,6 +5547,8 @@ spec: a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -5537,7 +5776,7 @@ spec: location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming - pod if and only if every possible node assigment + pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread 
@@ -6017,9 +6256,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent - volumes at the same time. \n This is a beta feature - and only available when the GenericEphemeralVolume - feature gate is enabled." + volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -6176,7 +6413,13 @@ spec: resources: description: 'Resources represents the minimum resources the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements that + are lower than previous value but + must still be higher than capacity + recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -8573,9 +8816,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -8646,10 +8888,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -8674,21 +8918,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -8759,10 +9001,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -8788,9 +9032,7 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -8814,6 +9056,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -8881,10 +9143,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -8992,9 +9252,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -9018,6 +9276,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -9085,10 +9363,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -9175,13 +9451,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -9202,7 +9481,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -9210,11 +9490,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -9222,7 +9505,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -9244,6 +9528,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -9253,7 +9539,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label 
@@ -9276,7 +9563,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -9305,7 +9594,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -9359,9 +9649,7 @@ spec: cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -9385,6 +9673,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -9452,10 +9760,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -9685,22 +9991,21 @@ spec: it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field - is alpha-level and is only honored by servers that enable - the EphemeralContainers feature. + is beta-level and available on clusters that haven't + disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that - may be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they - will not be restarted when they exit or when a pod - is removed or restarted. If an ephemeral container - causes a pod to exceed its resource allocation, the - pod may be evicted. Ephemeral containers may not be - added by directly updating the pod spec. They must - be added via the pod's ephemeralcontainers subresource, - and they will appear in the pod spec once added. This - is an alpha feature enabled by the EphemeralContainers - feature flag. + will not be restarted when they exit or when a Pod + is removed or restarted. The kubelet may evict a Pod + if an ephemeral container causes the Pod to exceed + its resource allocation. \n To add an ephemeral container, + use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + \n This is a beta feature available on clusters that + haven't disabled the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -9926,9 +10231,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -9999,10 +10303,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -10027,21 +10333,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -10112,10 +10416,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -10140,9 +10446,7 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10166,6 +10470,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10233,10 +10557,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10328,14 +10650,16 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -10359,6 +10683,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10426,10 +10770,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10517,13 +10859,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -10544,7 +10889,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -10552,11 +10898,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -10564,7 +10913,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -10586,6 +10936,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -10595,7 +10947,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label 
@@ -10618,7 +10971,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -10647,7 +11002,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -10693,9 +11049,7 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10719,6 +11073,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -10786,10 +11160,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10855,13 +11227,15 @@ spec: stdin will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from - PodSpec that this ephemeral container targets. + description: "If set, the name of the container + from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that the - container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container runtime + must implement support for this feature. If the + runtime does not support namespace targeting then + the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to @@ -10913,7 +11287,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -11275,9 +11650,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -11348,10 +11722,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -11376,21 +11752,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -11461,10 +11835,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -11490,9 +11866,7 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -11516,6 +11890,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -11583,10 +11977,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -11694,9 +12086,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -11720,6 +12110,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -11787,10 +12197,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -11877,13 +12285,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities @@ -11904,7 +12315,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -11912,11 +12324,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -11924,7 +12339,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: 
@@ -11946,6 +12362,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -11955,7 +12373,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label @@ -11978,7 +12397,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -12007,7 +12428,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -12061,9 +12483,7 @@ spec: cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -12087,6 +12507,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12154,10 +12594,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12342,6 +12780,38 @@ spec: that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the + pod. Some pod and container fields are restricted if + this is set. \n If the OS field is set to linux, the + following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - + spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can + be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as os: + null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -12442,7 +12912,8 @@ spec: created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership - and permissions of any volume." + and permissions of any volume. Note that this field + cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: @@ -12453,7 +12924,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used.' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -12461,7 +12934,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for - that container. + that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -12480,7 +12954,8 @@ spec: image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12490,7 +12965,8 @@ spec: container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that 
@@ -12511,7 +12987,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -12536,7 +13013,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups - will be added to any container. + will be added to any container. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -12545,6 +13023,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -12566,6 +13046,8 @@ spec: a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -12793,7 +13275,7 @@ spec: location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming - pod if and only if every possible node assigment + pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread 
@@ -13273,9 +13755,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent - volumes at the same time. \n This is a beta feature - and only available when the GenericEphemeralVolume - feature gate is enabled." + volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -13432,7 +13912,13 @@ spec: resources: description: 'Resources represents the minimum resources the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements that + are lower than previous value but + must still be higher than capacity + recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -14715,12 +15201,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -14781,21 +15264,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -14809,17 +15291,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load diff --git a/config/crds/v1/bases/apm.k8s.elastic.co_apmservers.yaml b/config/crds/v1/bases/apm.k8s.elastic.co_apmservers.yaml index 41b9be1ccbc..08908713163 100644 --- a/config/crds/v1/bases/apm.k8s.elastic.co_apmservers.yaml +++ b/config/crds/v1/bases/apm.k8s.elastic.co_apmservers.yaml 
@@ -173,12 +173,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -239,21 +236,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -267,17 +263,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -1694,9 +1689,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1761,10 +1754,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -1789,20 +1783,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1867,10 +1858,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -1896,8 +1888,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -1919,6 +1910,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1984,9 +1995,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2090,8 +2100,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -2113,6 +2122,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2178,9 +2207,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2264,12 +2292,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -2289,7 +2319,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -2297,11 +2329,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -2309,6 +2343,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -2328,7 +2364,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -2338,6 +2375,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -2360,7 +2399,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -2388,6 +2428,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -2436,8 +2478,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -2459,6 +2500,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -2524,9 +2585,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -2750,21 +2810,21 @@ spec: be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters that + haven't disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that may - be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not - be restarted when they exit or when a pod is removed or - restarted. If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. Ephemeral - containers may not be added by directly updating the pod - spec. They must be added via the pod's ephemeralcontainers - subresource, and they will appear in the pod spec once - added. This is an alpha feature enabled by the EphemeralContainers - feature flag. + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted. \n This is a beta feature + available on clusters that haven't disabled the EphemeralContainers + feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -2984,9 +3044,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3051,10 +3109,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -3079,20 +3138,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3157,10 +3213,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -3184,8 +3241,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3207,6 +3263,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3272,9 +3348,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3361,12 +3436,15 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -3388,6 +3466,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3453,9 +3551,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3540,12 +3637,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -3565,7 +3664,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -3573,11 +3674,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -3585,6 +3688,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -3604,7 +3709,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3614,6 +3720,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -3636,7 +3744,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -3664,6 +3773,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -3704,8 +3815,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3727,6 +3837,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -3792,9 +3922,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3857,13 +3986,15 @@ spec: will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then - the ephemeral container is run in whatever namespaces - are shared for the pod. Note that the container runtime - must support this feature. + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to which @@ -3915,7 +4046,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -4263,9 +4395,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4330,10 +4460,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -4358,20 +4489,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4436,10 +4564,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -4465,8 +4594,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4488,6 +4616,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4553,9 +4701,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4659,8 +4806,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4682,6 +4828,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4747,9 +4913,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4833,12 +4998,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4858,7 +5025,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -4866,11 +5035,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -4878,6 +5049,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: 
@@ -4897,7 +5070,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4907,6 +5081,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -4929,7 +5105,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -4957,6 +5134,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -5005,8 +5184,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -5028,6 +5206,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5093,9 +5291,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5275,6 +5472,35 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This is + an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -5371,7 +5597,8 @@ spec: in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any - volume." + volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -5382,14 +5609,16 @@ spec: permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -5408,7 +5637,8 @@ spec: if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -5417,7 +5647,8 @@ spec: allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -5438,7 +5669,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set when + spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5463,7 +5695,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added - to any container. + to any container. Note that this field cannot be set + when spec.os.name is windows. items: format: int64 type: integer @@ -5471,7 +5704,8 @@ spec: sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5492,7 +5726,8 @@ spec: all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -5709,7 +5944,7 @@ spec: higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 
@@ -6161,9 +6396,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." + at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -6312,8 +6545,13 @@ spec: type: object resources: description: 'Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -7599,12 +7837,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -7665,21 +7900,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -7693,17 +7927,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -9098,9 +9331,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -9165,10 +9396,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -9193,20 +9425,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -9271,10 +9500,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -9300,8 +9530,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -9323,6 +9552,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -9388,9 +9637,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -9494,8 +9742,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -9517,6 +9764,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -9582,9 +9849,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -9668,12 +9934,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -9693,7 +9961,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -9701,11 +9971,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -9713,6 +9985,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -9732,7 +10006,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -9742,6 +10017,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -9764,7 +10041,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -9792,6 +10070,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -9840,8 +10120,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -9863,6 +10142,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -9928,9 +10227,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -10154,21 +10452,21 @@ spec: be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters that + haven't disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that may - be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not - be restarted when they exit or when a pod is removed or - restarted. If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. Ephemeral - containers may not be added by directly updating the pod - spec. They must be added via the pod's ephemeralcontainers - subresource, and they will appear in the pod spec once - added. This is an alpha feature enabled by the EphemeralContainers - feature flag. + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted. \n This is a beta feature + available on clusters that haven't disabled the EphemeralContainers + feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -10388,9 +10686,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10455,10 +10751,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -10483,20 +10780,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10561,10 +10855,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -10588,8 +10883,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -10611,6 +10905,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10676,9 +10990,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10765,12 +11078,15 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -10792,6 +11108,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10857,9 +11193,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10944,12 +11279,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -10969,7 +11306,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -10977,11 +11316,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -10989,6 +11330,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -11008,7 +11351,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -11018,6 +11362,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -11040,7 +11386,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -11068,6 +11415,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -11108,8 +11457,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -11131,6 +11479,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -11196,9 +11564,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -11261,13 +11628,15 @@ spec: will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then - the ephemeral container is run in whatever namespaces - are shared for the pod. Note that the container runtime - must support this feature. + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to which @@ -11319,7 +11688,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -11667,9 +12037,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -11734,10 +12102,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -11762,20 +12131,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -11840,10 +12206,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -11869,8 +12236,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -11892,6 +12258,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -11957,9 +12343,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12063,8 +12448,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -12086,6 +12470,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12151,9 +12555,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12237,12 +12640,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -12262,7 +12667,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -12270,11 +12677,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -12282,6 +12691,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: 
@@ -12301,7 +12712,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12311,6 +12723,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -12333,7 +12747,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -12361,6 +12776,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -12409,8 +12826,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -12432,6 +12848,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12497,9 +12933,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12679,6 +13114,35 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This is + an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -12775,7 +13239,8 @@ spec: in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any - volume." + volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -12786,14 +13251,16 @@ spec: permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -12812,7 +13279,8 @@ spec: if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12821,7 +13289,8 @@ spec: allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -12842,7 +13311,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set when + spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -12867,7 +13337,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added - to any container. + to any container. Note that this field cannot be set + when spec.os.name is windows. items: format: int64 type: integer @@ -12875,7 +13346,8 @@ spec: sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -12896,7 +13368,8 @@ spec: all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -13113,7 +13586,7 @@ spec: higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 
@@ -13565,9 +14038,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." + at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -13716,8 +14187,13 @@ spec: type: object resources: description: 'Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: diff --git a/config/crds/v1/bases/beat.k8s.elastic.co_beats.yaml b/config/crds/v1/bases/beat.k8s.elastic.co_beats.yaml index 418dd4c5fcb..09cc8c717cf 100644 --- a/config/crds/v1/bases/beat.k8s.elastic.co_beats.yaml +++ b/config/crds/v1/bases/beat.k8s.elastic.co_beats.yaml @@ -1321,9 +1321,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -1394,10 +1393,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -1422,21 +1423,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -1507,10 +1506,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -1536,9 +1537,7 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1562,6 +1561,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1629,10 +1648,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -1740,9 +1757,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1766,6 +1781,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1833,10 +1868,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -1923,13 +1956,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities @@ -1950,7 +1986,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -1958,11 +1995,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -1970,7 +2010,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: 
@@ -1992,6 +2033,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -2001,7 +2044,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label @@ -2024,7 +2068,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -2053,7 +2099,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -2107,9 +2154,7 @@ spec: cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -2133,6 +2178,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2200,10 +2265,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -2433,22 +2496,21 @@ spec: it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field - is alpha-level and is only honored by servers that enable - the EphemeralContainers feature. + is beta-level and available on clusters that haven't + disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that - may be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they - will not be restarted when they exit or when a pod - is removed or restarted. If an ephemeral container - causes a pod to exceed its resource allocation, the - pod may be evicted. Ephemeral containers may not be - added by directly updating the pod spec. They must - be added via the pod's ephemeralcontainers subresource, - and they will appear in the pod spec once added. This - is an alpha feature enabled by the EphemeralContainers - feature flag. + will not be restarted when they exit or when a Pod + is removed or restarted. The kubelet may evict a Pod + if an ephemeral container causes the Pod to exceed + its resource allocation. \n To add an ephemeral container, + use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + \n This is a beta feature available on clusters that + haven't disabled the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -2674,9 +2736,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -2747,10 +2808,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -2775,21 +2838,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -2860,10 +2921,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -2888,9 +2951,7 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -2914,6 +2975,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2981,10 +3062,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3076,14 +3155,16 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -3107,6 +3188,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3174,10 +3275,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3265,13 +3364,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -3292,7 +3394,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -3300,11 +3403,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -3312,7 +3418,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -3334,6 +3441,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -3343,7 +3452,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label 
@@ -3366,7 +3476,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -3395,7 +3507,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -3441,9 +3554,7 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3467,6 +3578,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -3534,10 +3665,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3603,13 +3732,15 @@ spec: stdin will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from - PodSpec that this ephemeral container targets. + description: "If set, the name of the container + from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that the - container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container runtime + must implement support for this feature. If the + runtime does not support namespace targeting then + the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to @@ -3661,7 +3792,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -4023,9 +4155,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -4096,10 +4227,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -4124,21 +4257,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -4209,10 +4340,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -4238,9 +4371,7 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -4264,6 +4395,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4331,10 +4482,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4442,9 +4591,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -4468,6 +4615,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4535,10 +4702,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4625,13 +4790,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities @@ -4652,7 +4820,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -4660,11 +4829,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -4672,7 +4844,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: 
@@ -4694,6 +4867,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -4703,7 +4878,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label @@ -4726,7 +4902,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -4755,7 +4933,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -4809,9 +4988,7 @@ spec: cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4835,6 +5012,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4902,10 +5099,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5090,6 +5285,38 @@ spec: that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the + pod. Some pod and container fields are restricted if + this is set. \n If the OS field is set to linux, the + following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - + spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can + be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as os: + null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -5190,7 +5417,8 @@ spec: created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership - and permissions of any volume." + and permissions of any volume. Note that this field + cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: @@ -5201,7 +5429,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used.' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -5209,7 +5439,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for - that container. + that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -5228,7 +5459,8 @@ spec: image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -5238,7 +5470,8 @@ spec: container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that 
@@ -5259,7 +5492,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5284,7 +5518,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups - will be added to any container. + will be added to any container. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -5293,6 +5528,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5314,6 +5551,8 @@ spec: a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -5541,7 +5780,7 @@ spec: location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming - pod if and only if every possible node assigment + pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread 
@@ -6021,9 +6260,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent - volumes at the same time. \n This is a beta feature - and only available when the GenericEphemeralVolume - feature gate is enabled." + volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -6180,7 +6417,13 @@ spec: resources: description: 'Resources represents the minimum resources the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements that + are lower than previous value but + must still be higher than capacity + recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -8577,9 +8820,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -8650,10 +8892,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -8678,21 +8922,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -8763,10 +9005,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -8792,9 +9036,7 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -8818,6 +9060,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -8885,10 +9147,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -8996,9 +9256,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -9022,6 +9280,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -9089,10 +9367,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -9179,13 +9455,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -9206,7 +9485,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -9214,11 +9494,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -9226,7 +9509,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -9248,6 +9532,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -9257,7 +9543,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label 
@@ -9280,7 +9567,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -9309,7 +9598,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -9363,9 +9653,7 @@ spec: cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -9389,6 +9677,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -9456,10 +9764,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -9689,22 +9995,21 @@ spec: it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field - is alpha-level and is only honored by servers that enable - the EphemeralContainers feature. + is beta-level and available on clusters that haven't + disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that - may be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they - will not be restarted when they exit or when a pod - is removed or restarted. If an ephemeral container - causes a pod to exceed its resource allocation, the - pod may be evicted. Ephemeral containers may not be - added by directly updating the pod spec. They must - be added via the pod's ephemeralcontainers subresource, - and they will appear in the pod spec once added. This - is an alpha feature enabled by the EphemeralContainers - feature flag. + will not be restarted when they exit or when a Pod + is removed or restarted. The kubelet may evict a Pod + if an ephemeral container causes the Pod to exceed + its resource allocation. \n To add an ephemeral container, + use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + \n This is a beta feature available on clusters that + haven't disabled the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -9930,9 +10235,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -10003,10 +10307,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -10031,21 +10337,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command @@ -10116,10 +10420,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to 
@@ -10144,9 +10450,7 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10170,6 +10474,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10237,10 +10561,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10332,14 +10654,16 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -10363,6 +10687,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10430,10 +10774,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10521,13 +10863,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -10548,7 +10893,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -10556,11 +10902,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -10568,7 +10917,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -10590,6 +10940,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -10599,7 +10951,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label 
@@ -10622,7 +10975,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -10651,7 +11006,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -10697,9 +11053,7 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10723,6 +11077,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -10790,10 +11164,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10859,13 +11231,15 @@ spec: stdin will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from - PodSpec that this ephemeral container targets. + description: "If set, the name of the container + from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that the - container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container runtime + must implement support for this feature. If the + runtime does not support namespace targeting then + the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to @@ -10917,7 +11291,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -11279,9 +11654,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -11352,10 +11726,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -11380,21 +11756,19 @@ spec: API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod''s termination - grace period countdown begins before the PreStop - hooked is executed. Regardless of the outcome + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace - period. Other management of the container - blocks until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command 
@@ -11465,10 +11839,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. properties: host: description: 'Optional: Host name to @@ -11494,9 +11870,7 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -11520,6 +11894,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -11587,10 +11981,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -11698,9 +12090,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -11724,6 +12114,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -11791,10 +12201,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -11881,13 +12289,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run - as Privileged 2) has CAP_SYS_ADMIN' + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container - runtime. + runtime. Note that this field cannot be set + when spec.os.name is windows. properties: add: description: Added capabilities @@ -11908,7 +12319,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to - false. + false. Note that this field cannot be set + when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of proc @@ -11916,11 +12328,14 @@ spec: is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of @@ -11928,7 +12343,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: 
@@ -11950,6 +12366,8 @@ spec: be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -11959,7 +12377,8 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is windows. properties: level: description: Level is SELinux level label @@ -11982,7 +12401,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -12011,7 +12432,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot be + set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -12065,9 +12487,7 @@ spec: cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -12091,6 +12511,26 @@ spec: 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12158,10 +12598,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12346,6 +12784,38 @@ spec: that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the + pod. Some pod and container fields are restricted if + this is set. \n If the OS field is set to linux, the + following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - + spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can + be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as os: + null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -12446,7 +12916,8 @@ spec: created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership - and permissions of any volume." + and permissions of any volume. Note that this field + cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: @@ -12457,7 +12928,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used.' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -12465,7 +12938,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for - that container. + that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -12484,7 +12958,8 @@ spec: image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12494,7 +12969,8 @@ spec: container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that 
@@ -12515,7 +12991,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -12540,7 +13017,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups - will be added to any container. + will be added to any container. Note that this field + cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -12549,6 +13027,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -12570,6 +13050,8 @@ spec: a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -12797,7 +13279,7 @@ spec: location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming - pod if and only if every possible node assigment + pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread 
@@ -13277,9 +13759,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent - volumes at the same time. \n This is a beta feature - and only available when the GenericEphemeralVolume - feature gate is enabled." + volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -13436,7 +13916,13 @@ spec: resources: description: 'Resources represents the minimum resources the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements that + are lower than previous value but + must still be higher than capacity + recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: diff --git a/config/crds/v1/bases/elasticsearch.k8s.elastic.co_elasticsearches.yaml b/config/crds/v1/bases/elasticsearch.k8s.elastic.co_elasticsearches.yaml index a2664c5be7f..2a9f8062923 100644 --- a/config/crds/v1/bases/elasticsearch.k8s.elastic.co_elasticsearches.yaml +++ b/config/crds/v1/bases/elasticsearch.k8s.elastic.co_elasticsearches.yaml 
@@ -175,12 +175,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -241,21 +238,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -269,17 +265,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -1870,9 +1865,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1943,10 +1937,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name 
@@ -1973,21 +1969,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2058,10 +2052,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name 
@@ -2088,9 +2084,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2115,6 +2110,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2183,10 +2199,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2297,9 +2311,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line 
@@ -2324,6 +2337,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2392,10 +2426,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2486,13 +2518,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -2513,7 +2548,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -2522,10 +2558,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -2533,7 +2573,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -2555,7 +2596,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -2565,7 +2607,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label 
@@ -2588,7 +2632,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -2619,7 +2665,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -2674,9 +2722,8 @@ spec: This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2701,6 +2748,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -2769,10 +2837,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -3009,23 +3075,23 @@ spec: and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters + that haven't disabled the EphemeralContainers feature + gate. items: - description: An EphemeralContainer is a container - that may be added temporarily to an existing pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a pod is removed or restarted. - If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. - Ephemeral containers may not be added by directly - updating the pod spec. They must be added via the - pod's ephemeralcontainers subresource, and they - will appear in the pod spec once added. This is - an alpha feature enabled by the EphemeralContainers - feature flag. + description: "An EphemeralContainer is a temporary + container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral + containers have no resource or scheduling guarantees, + and they will not be restarted when they exit or + when a Pod is removed or restarted. The kubelet + may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To + add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers + may not be removed or restarted. \n This is a beta + feature available on clusters that haven't disabled + the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The 
@@ -3255,9 +3321,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3328,10 +3393,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name 
@@ -3358,21 +3425,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3443,10 +3508,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name 
@@ -3472,9 +3539,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3499,6 +3565,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3567,10 +3654,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3664,14 +3749,17 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line 
@@ -3696,6 +3784,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3764,10 +3873,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3858,13 +3965,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -3885,7 +3995,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -3894,10 +4005,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -3905,7 +4020,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -3927,7 +4043,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3937,7 +4054,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label 
@@ -3960,7 +4079,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -3991,7 +4112,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -4038,9 +4161,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4065,6 +4187,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -4133,10 +4276,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4206,13 +4347,15 @@ spec: EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that - the container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container + runtime must implement support for this feature. + If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file @@ -4265,7 +4408,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -4634,9 +4778,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command 
@@ -4707,10 +4850,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -4737,21 +4882,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command 
@@ -4822,10 +4965,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -4852,9 +4997,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4879,6 +5023,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4947,10 +5112,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5061,9 +5224,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -5088,6 +5250,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5156,10 +5339,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5250,13 +5431,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -5277,7 +5461,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -5286,10 +5471,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -5297,7 +5486,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: 
@@ -5319,7 +5509,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -5329,7 +5520,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -5352,7 +5545,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -5383,7 +5578,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -5438,9 +5635,8 @@ spec: This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line 
@@ -5465,6 +5661,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5533,10 +5750,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5726,6 +5941,39 @@ spec: on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in + the pod. Some pod and container fields are restricted + if this is set. \n If the OS field is set to linux, + the following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - + spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -5828,7 +6076,9 @@ spec: is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume." + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -5839,7 +6089,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used.' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -5847,7 +6099,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -5868,6 +6121,8 @@ spec: set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -5877,7 +6132,8 @@ spec: for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that 
@@ -5898,7 +6154,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5924,7 +6181,9 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, - no groups will be added to any container. + no groups will be added to any container. Note + that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -5933,6 +6192,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5954,6 +6215,8 @@ spec: within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -6187,7 +6450,7 @@ spec: topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 
@@ -6677,9 +6940,7 @@ spec: - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at - the same time. \n This is a beta feature and - only available when the GenericEphemeralVolume - feature gate is enabled." + the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -6841,7 +7102,13 @@ spec: resources: description: 'Resources represents the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than capacity + recorded in the status field of + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -8077,7 +8344,11 @@ spec: type: object resources: description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: 
@@ -8178,6 +8449,27 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object capacity: additionalProperties: anyOf: @@ -8231,6 +8523,14 @@ spec: description: Phase represents the current phase of PersistentVolumeClaim. type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string type: object type: object type: array 
@@ -8508,12 +8808,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -8574,21 +8871,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -8602,17 +8898,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -9039,12 +9334,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -9105,21 +9397,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -9133,17 +9424,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -10658,9 +10948,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -10731,10 +11020,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name 
@@ -10761,21 +11052,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -10846,10 +11135,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name 
@@ -10876,9 +11167,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -10903,6 +11193,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10971,10 +11282,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -11085,9 +11394,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line 
@@ -11112,6 +11420,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -11180,10 +11509,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -11274,13 +11601,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -11301,7 +11631,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -11310,10 +11641,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -11321,7 +11656,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -11343,7 +11679,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -11353,7 +11690,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label 
@@ -11376,7 +11715,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -11407,7 +11748,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -11462,9 +11805,8 @@ spec: This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -11489,6 +11831,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -11557,10 +11920,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -11797,23 +12158,23 @@ spec: and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters + that haven't disabled the EphemeralContainers feature + gate. items: - description: An EphemeralContainer is a container - that may be added temporarily to an existing pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a pod is removed or restarted. - If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. - Ephemeral containers may not be added by directly - updating the pod spec. They must be added via the - pod's ephemeralcontainers subresource, and they - will appear in the pod spec once added. This is - an alpha feature enabled by the EphemeralContainers - feature flag. + description: "An EphemeralContainer is a temporary + container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral + containers have no resource or scheduling guarantees, + and they will not be restarted when they exit or + when a Pod is removed or restarted. The kubelet + may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To + add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers + may not be removed or restarted. \n This is a beta + feature available on clusters that haven't disabled + the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The 
@@ -12043,9 +12404,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -12116,10 +12476,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name 
@@ -12146,21 +12508,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -12231,10 +12591,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name 
@@ -12260,9 +12622,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -12287,6 +12648,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12355,10 +12737,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -12452,14 +12832,17 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line 
@@ -12484,6 +12867,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12552,10 +12956,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -12646,13 +13048,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -12673,7 +13078,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -12682,10 +13088,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -12693,7 +13103,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -12715,7 +13126,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12725,7 +13137,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label 
@@ -12748,7 +13162,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -12779,7 +13195,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -12826,9 +13244,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -12853,6 +13270,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -12921,10 +13359,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -12994,13 +13430,15 @@ spec: EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that - the container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container + runtime must implement support for this feature. + If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file @@ -13053,7 +13491,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -13422,9 +13861,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command 
@@ -13495,10 +13933,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -13525,21 +13965,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command 
@@ -13610,10 +14048,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -13640,9 +14080,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -13667,6 +14106,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -13735,10 +14195,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -13849,9 +14307,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -13876,6 +14333,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -13944,10 +14422,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -14038,13 +14514,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -14065,7 +14544,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -14074,10 +14554,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -14085,7 +14569,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: 
@@ -14107,7 +14592,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -14117,7 +14603,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -14140,7 +14628,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -14171,7 +14661,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -14226,9 +14718,8 @@ spec: This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line 
@@ -14253,6 +14744,27 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -14321,10 +14833,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -14514,6 +15024,39 @@ spec: on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in + the pod. Some pod and container fields are restricted + if this is set. \n If the OS field is set to linux, + the following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - + spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -14616,7 +15159,9 @@ spec: is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume." + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -14627,7 +15172,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used.' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -14635,7 +15182,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -14656,6 +15204,8 @@ spec: set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -14665,7 +15215,8 @@ spec: for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that 
@@ -14686,7 +15237,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -14712,7 +15264,9 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, - no groups will be added to any container. + no groups will be added to any container. Note + that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -14721,6 +15275,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -14742,6 +15298,8 @@ spec: within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -14975,7 +15533,7 @@ spec: topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 
@@ -15465,9 +16023,7 @@ spec: - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at - the same time. \n This is a beta feature and - only available when the GenericEphemeralVolume - feature gate is enabled." + the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -15629,7 +16185,13 @@ spec: resources: description: 'Resources represents the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than capacity + recorded in the status field of + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -16864,7 +17426,11 @@ spec: type: object resources: description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: 
@@ -16965,6 +17531,27 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object capacity: additionalProperties: anyOf: @@ -17018,6 +17605,14 @@ spec: description: Phase represents the current phase of PersistentVolumeClaim. type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string type: object type: object type: array diff --git a/config/crds/v1/bases/enterprisesearch.k8s.elastic.co_enterprisesearches.yaml b/config/crds/v1/bases/enterprisesearch.k8s.elastic.co_enterprisesearches.yaml index 74c91e13f15..819c8d79354 100644 --- a/config/crds/v1/bases/enterprisesearch.k8s.elastic.co_enterprisesearches.yaml +++ b/config/crds/v1/bases/enterprisesearch.k8s.elastic.co_enterprisesearches.yaml 
@@ -185,12 +185,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -251,21 +248,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -279,17 +275,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -1684,9 +1679,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1751,10 +1744,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -1779,20 +1773,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1857,10 +1848,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -1886,8 +1878,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -1909,6 +1900,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1974,9 +1985,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2080,8 +2090,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -2103,6 +2112,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2168,9 +2197,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2254,12 +2282,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -2279,7 +2309,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -2287,11 +2319,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -2299,6 +2333,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -2318,7 +2354,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -2328,6 +2365,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -2350,7 +2389,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -2378,6 +2418,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -2426,8 +2468,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -2449,6 +2490,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -2514,9 +2575,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -2740,21 +2800,21 @@ spec: be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters that + haven't disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that may - be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not - be restarted when they exit or when a pod is removed or - restarted. If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. Ephemeral - containers may not be added by directly updating the pod - spec. They must be added via the pod's ephemeralcontainers - subresource, and they will appear in the pod spec once - added. This is an alpha feature enabled by the EphemeralContainers - feature flag. + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted. \n This is a beta feature + available on clusters that haven't disabled the EphemeralContainers + feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -2974,9 +3034,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3041,10 +3099,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -3069,20 +3128,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3147,10 +3203,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -3174,8 +3231,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3197,6 +3253,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3262,9 +3338,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3351,12 +3426,15 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -3378,6 +3456,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3443,9 +3541,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3530,12 +3627,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -3555,7 +3654,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -3563,11 +3664,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -3575,6 +3678,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -3594,7 +3699,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3604,6 +3710,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -3626,7 +3734,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -3654,6 +3763,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -3694,8 +3805,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3717,6 +3827,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -3782,9 +3912,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3847,13 +3976,15 @@ spec: will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then - the ephemeral container is run in whatever namespaces - are shared for the pod. Note that the container runtime - must support this feature. + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to which @@ -3905,7 +4036,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -4253,9 +4385,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4320,10 +4450,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -4348,20 +4479,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4426,10 +4554,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -4455,8 +4584,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4478,6 +4606,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4543,9 +4691,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4649,8 +4796,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4672,6 +4818,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4737,9 +4903,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4823,12 +4988,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4848,7 +5015,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -4856,11 +5025,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -4868,6 +5039,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: 
@@ -4887,7 +5060,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4897,6 +5071,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -4919,7 +5095,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -4947,6 +5124,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -4995,8 +5174,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -5018,6 +5196,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5083,9 +5281,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5265,6 +5462,35 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This is + an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -5361,7 +5587,8 @@ spec: in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any - volume." + volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -5372,14 +5599,16 @@ spec: permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -5398,7 +5627,8 @@ spec: if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -5407,7 +5637,8 @@ spec: allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -5428,7 +5659,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set when + spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5453,7 +5685,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added - to any container. + to any container. Note that this field cannot be set + when spec.os.name is windows. items: format: int64 type: integer @@ -5461,7 +5694,8 @@ spec: sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5482,7 +5716,8 @@ spec: all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -5699,7 +5934,7 @@ spec: higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 
@@ -6151,9 +6386,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." + at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -6302,8 +6535,13 @@ spec: type: object resources: description: 'Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -7562,12 +7800,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -7628,21 +7863,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -7656,17 +7890,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -9061,9 +9294,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -9128,10 +9359,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -9156,20 +9388,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -9234,10 +9463,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -9263,8 +9493,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -9286,6 +9515,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -9351,9 +9600,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -9457,8 +9705,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -9480,6 +9727,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -9545,9 +9812,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -9631,12 +9897,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -9656,7 +9924,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -9664,11 +9934,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -9676,6 +9948,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -9695,7 +9969,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -9705,6 +9980,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -9727,7 +10004,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -9755,6 +10033,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -9803,8 +10083,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -9826,6 +10105,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -9891,9 +10190,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -10117,21 +10415,21 @@ spec: be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters that + haven't disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that may - be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not - be restarted when they exit or when a pod is removed or - restarted. If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. Ephemeral - containers may not be added by directly updating the pod - spec. They must be added via the pod's ephemeralcontainers - subresource, and they will appear in the pod spec once - added. This is an alpha feature enabled by the EphemeralContainers - feature flag. + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted. \n This is a beta feature + available on clusters that haven't disabled the EphemeralContainers + feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -10351,9 +10649,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10418,10 +10714,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -10446,20 +10743,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10524,10 +10818,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -10551,8 +10846,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -10574,6 +10868,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10639,9 +10953,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10728,12 +11041,15 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -10755,6 +11071,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10820,9 +11156,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10907,12 +11242,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -10932,7 +11269,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -10940,11 +11279,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -10952,6 +11293,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -10971,7 +11314,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -10981,6 +11325,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -11003,7 +11349,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -11031,6 +11378,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -11071,8 +11420,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -11094,6 +11442,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -11159,9 +11527,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -11224,13 +11591,15 @@ spec: will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then - the ephemeral container is run in whatever namespaces - are shared for the pod. Note that the container runtime - must support this feature. + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to which @@ -11282,7 +11651,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -11630,9 +12000,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -11697,10 +12065,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -11725,20 +12094,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -11803,10 +12169,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -11832,8 +12199,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -11855,6 +12221,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -11920,9 +12306,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12026,8 +12411,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -12049,6 +12433,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12114,9 +12518,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12200,12 +12603,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -12225,7 +12630,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -12233,11 +12640,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -12245,6 +12654,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: 
@@ -12264,7 +12675,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12274,6 +12686,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -12296,7 +12710,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -12324,6 +12739,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -12372,8 +12789,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -12395,6 +12811,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12460,9 +12896,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12642,6 +13077,35 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This is + an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -12738,7 +13202,8 @@ spec: in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any - volume." + volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -12749,14 +13214,16 @@ spec: permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -12775,7 +13242,8 @@ spec: if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12784,7 +13252,8 @@ spec: allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -12805,7 +13274,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set when + spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -12830,7 +13300,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added - to any container. + to any container. Note that this field cannot be set + when spec.os.name is windows. items: format: int64 type: integer @@ -12838,7 +13309,8 @@ spec: sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -12859,7 +13331,8 @@ spec: all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -13076,7 +13549,7 @@ spec: higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 
@@ -13528,9 +14001,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." + at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -13679,8 +14150,13 @@ spec: type: object resources: description: 'Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: diff --git a/config/crds/v1/bases/kibana.k8s.elastic.co_kibanas.yaml b/config/crds/v1/bases/kibana.k8s.elastic.co_kibanas.yaml index e7bd2c2be84..1ae0fbfcb7f 100644 --- a/config/crds/v1/bases/kibana.k8s.elastic.co_kibanas.yaml +++ b/config/crds/v1/bases/kibana.k8s.elastic.co_kibanas.yaml 
@@ -194,12 +194,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -260,21 +257,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -288,17 +284,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -1766,9 +1761,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1833,10 +1826,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -1861,20 +1855,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1939,10 +1930,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -1968,8 +1960,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -1991,6 +1982,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2056,9 +2067,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2162,8 +2172,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -2185,6 +2194,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2250,9 +2279,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2336,12 +2364,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -2361,7 +2391,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -2369,11 +2401,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -2381,6 +2415,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -2400,7 +2436,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -2410,6 +2447,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -2432,7 +2471,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -2460,6 +2500,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -2508,8 +2550,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -2531,6 +2572,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -2596,9 +2657,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -2822,21 +2882,21 @@ spec: be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters that + haven't disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that may - be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not - be restarted when they exit or when a pod is removed or - restarted. If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. Ephemeral - containers may not be added by directly updating the pod - spec. They must be added via the pod's ephemeralcontainers - subresource, and they will appear in the pod spec once - added. This is an alpha feature enabled by the EphemeralContainers - feature flag. + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted. \n This is a beta feature + available on clusters that haven't disabled the EphemeralContainers + feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -3056,9 +3116,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3123,10 +3181,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -3151,20 +3210,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3229,10 +3285,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -3256,8 +3313,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3279,6 +3335,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3344,9 +3420,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3433,12 +3508,15 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -3460,6 +3538,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3525,9 +3623,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3612,12 +3709,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -3637,7 +3736,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -3645,11 +3746,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -3657,6 +3760,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -3676,7 +3781,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3686,6 +3792,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -3708,7 +3816,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -3736,6 +3845,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -3776,8 +3887,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3799,6 +3909,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -3864,9 +3994,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3929,13 +4058,15 @@ spec: will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then - the ephemeral container is run in whatever namespaces - are shared for the pod. Note that the container runtime - must support this feature. + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to which @@ -3987,7 +4118,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -4335,9 +4467,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4402,10 +4532,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -4430,20 +4561,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4508,10 +4636,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -4537,8 +4666,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4560,6 +4688,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4625,9 +4773,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4731,8 +4878,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4754,6 +4900,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4819,9 +4985,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4905,12 +5070,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4930,7 +5097,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -4938,11 +5107,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -4950,6 +5121,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: 
@@ -4969,7 +5142,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4979,6 +5153,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -5001,7 +5177,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5029,6 +5206,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -5077,8 +5256,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -5100,6 +5278,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5165,9 +5363,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5347,6 +5544,35 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This is + an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -5443,7 +5669,8 @@ spec: in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any - volume." + volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -5454,14 +5681,16 @@ spec: permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -5480,7 +5709,8 @@ spec: if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -5489,7 +5719,8 @@ spec: allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -5510,7 +5741,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set when + spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5535,7 +5767,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added - to any container. + to any container. Note that this field cannot be set + when spec.os.name is windows. items: format: int64 type: integer @@ -5543,7 +5776,8 @@ spec: sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5564,7 +5798,8 @@ spec: all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -5781,7 +6016,7 @@ spec: higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 
@@ -6233,9 +6468,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." + at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -6384,8 +6617,13 @@ spec: type: object resources: description: 'Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -7674,12 +7912,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -7740,21 +7975,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -7768,17 +8002,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -9172,9 +9405,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -9239,10 +9470,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -9267,20 +9499,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -9345,10 +9574,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -9374,8 +9604,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -9397,6 +9626,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -9462,9 +9711,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -9568,8 +9816,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -9591,6 +9838,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -9656,9 +9923,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -9742,12 +10008,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -9767,7 +10035,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -9775,11 +10045,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -9787,6 +10059,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -9806,7 +10080,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -9816,6 +10091,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -9838,7 +10115,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -9866,6 +10144,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -9914,8 +10194,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -9937,6 +10216,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -10002,9 +10301,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -10228,21 +10526,21 @@ spec: be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters that + haven't disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that may - be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not - be restarted when they exit or when a pod is removed or - restarted. If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. Ephemeral - containers may not be added by directly updating the pod - spec. They must be added via the pod's ephemeralcontainers - subresource, and they will appear in the pod spec once - added. This is an alpha feature enabled by the EphemeralContainers - feature flag. + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted. \n This is a beta feature + available on clusters that haven't disabled the EphemeralContainers + feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -10462,9 +10760,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10529,10 +10825,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -10557,20 +10854,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -10635,10 +10929,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -10662,8 +10957,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -10685,6 +10979,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10750,9 +11064,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -10839,12 +11152,15 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -10866,6 +11182,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -10931,9 +11267,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -11018,12 +11353,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -11043,7 +11380,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -11051,11 +11390,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -11063,6 +11404,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -11082,7 +11425,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -11092,6 +11436,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -11114,7 +11460,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -11142,6 +11489,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -11182,8 +11531,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -11205,6 +11553,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -11270,9 +11638,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -11335,13 +11702,15 @@ spec: will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then - the ephemeral container is run in whatever namespaces - are shared for the pod. Note that the container runtime - must support this feature. + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to which @@ -11393,7 +11762,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -11741,9 +12111,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -11808,10 +12176,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -11836,20 +12205,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -11914,10 +12280,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -11943,8 +12310,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -11966,6 +12332,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12031,9 +12417,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12137,8 +12522,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -12160,6 +12544,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12225,9 +12629,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12311,12 +12714,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -12336,7 +12741,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -12344,11 +12751,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -12356,6 +12765,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: 
@@ -12375,7 +12786,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12385,6 +12797,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -12407,7 +12821,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -12435,6 +12850,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -12483,8 +12900,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -12506,6 +12922,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -12571,9 +13007,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -12753,6 +13188,35 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This is + an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -12849,7 +13313,8 @@ spec: in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any - volume." + volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -12860,14 +13325,16 @@ spec: permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -12886,7 +13353,8 @@ spec: if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -12895,7 +13363,8 @@ spec: allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -12916,7 +13385,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set when + spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -12941,7 +13411,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added - to any container. + to any container. Note that this field cannot be set + when spec.os.name is windows. items: format: int64 type: integer @@ -12949,7 +13420,8 @@ spec: sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -12970,7 +13442,8 @@ spec: all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -13187,7 +13660,7 @@ spec: higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 
@@ -13639,9 +14112,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." + at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -13790,8 +14261,13 @@ spec: type: object resources: description: 'Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: diff --git a/config/crds/v1/bases/maps.k8s.elastic.co_elasticmapsservers.yaml b/config/crds/v1/bases/maps.k8s.elastic.co_elasticmapsservers.yaml index d454da463ae..2dd0077e187 100644 --- a/config/crds/v1/bases/maps.k8s.elastic.co_elasticmapsservers.yaml +++ b/config/crds/v1/bases/maps.k8s.elastic.co_elasticmapsservers.yaml 
@@ -186,12 +186,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -252,21 +249,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -280,17 +276,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -1685,9 +1680,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1752,10 +1745,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -1780,20 +1774,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -1858,10 +1849,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -1887,8 +1879,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -1910,6 +1901,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1975,9 +1986,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2081,8 +2091,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -2104,6 +2113,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2169,9 +2198,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2255,12 +2283,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -2280,7 +2310,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -2288,11 +2320,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -2300,6 +2334,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -2319,7 +2355,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -2329,6 +2366,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -2351,7 +2390,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -2379,6 +2419,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -2427,8 +2469,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -2450,6 +2491,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -2515,9 +2576,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -2741,21 +2801,21 @@ spec: be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters that + haven't disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that may - be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not - be restarted when they exit or when a pod is removed or - restarted. If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. Ephemeral - containers may not be added by directly updating the pod - spec. They must be added via the pod's ephemeralcontainers - subresource, and they will appear in the pod spec once - added. This is an alpha feature enabled by the EphemeralContainers - feature flag. + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted. \n This is a beta feature + available on clusters that haven't disabled the EphemeralContainers + feature gate." properties: args: description: 'Arguments to the entrypoint. The docker 
@@ -2975,9 +3035,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3042,10 +3100,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -3070,20 +3129,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3148,10 +3204,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect 
@@ -3175,8 +3232,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3198,6 +3254,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3263,9 +3339,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3352,12 +3427,15 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -3379,6 +3457,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3444,9 +3542,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3531,12 +3628,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
@@ -3556,7 +3655,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -3564,11 +3665,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -3576,6 +3679,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -3595,7 +3700,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3605,6 +3711,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that 
@@ -3627,7 +3735,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -3655,6 +3764,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -3695,8 +3806,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3718,6 +3828,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. 
@@ -3783,9 +3913,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3848,13 +3977,15 @@ spec: will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then - the ephemeral container is run in whatever namespaces - are shared for the pod. Note that the container runtime - must support this feature. + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to which @@ -3906,7 +4037,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -4254,9 +4386,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4321,10 +4451,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -4349,20 +4480,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line 
@@ -4427,10 +4555,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -4456,8 +4585,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4479,6 +4607,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4544,9 +4692,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4650,8 +4797,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4673,6 +4819,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4738,9 +4904,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -4824,12 +4989,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4849,7 +5016,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -4857,11 +5026,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -4869,6 +5040,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: 
@@ -4888,7 +5061,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4898,6 +5072,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -4920,7 +5096,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -4948,6 +5125,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -4996,8 +5175,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to 
@@ -5019,6 +5197,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5084,9 +5282,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect 
@@ -5266,6 +5463,35 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This is + an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: 
@@ -5362,7 +5588,8 @@ spec: in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any - volume." + volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -5373,14 +5600,16 @@ spec: permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -5399,7 +5628,8 @@ spec: if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -5408,7 +5638,8 @@ spec: allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -5429,7 +5660,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set when + spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5454,7 +5686,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added - to any container. + to any container. Note that this field cannot be set + when spec.os.name is windows. items: format: int64 type: integer @@ -5462,7 +5695,8 @@ spec: sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5483,7 +5717,8 @@ spec: all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -5700,7 +5935,7 @@ spec: higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 
@@ -6152,9 +6387,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." + at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -6303,8 +6536,13 @@ spec: type: object resources: description: 'Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: diff --git a/deploy/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml b/deploy/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml index d0ae622f629..473e05ff346 100644 --- a/deploy/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml +++ b/deploy/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml 
@@ -361,12 +361,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -427,21 +424,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -455,17 +451,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -993,12 +988,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -1059,21 +1051,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -1087,17 +1078,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -1592,12 +1582,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -1658,21 +1645,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -1686,17 +1672,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -2568,12 +2553,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -2634,21 +2616,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -2662,17 +2643,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -3138,12 +3118,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -3204,21 +3181,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -3232,17 +3208,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -3698,7 +3673,11 @@ spec: type: object resources: description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: 
@@ -3799,6 +3778,27 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object capacity: additionalProperties: anyOf: @@ -3852,6 +3852,14 @@ spec: description: Phase represents the current phase of PersistentVolumeClaim. type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string type: object type: object type: array 
@@ -4129,12 +4137,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -4195,21 +4200,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -4223,17 +4227,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -4660,12 +4663,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -4726,21 +4726,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -4754,17 +4753,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -5143,7 +5141,11 @@ spec: type: object resources: description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: 
@@ -5244,6 +5246,27 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object capacity: additionalProperties: anyOf: @@ -5297,6 +5320,14 @@ spec: description: Phase represents the current phase of PersistentVolumeClaim. type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string type: object type: object type: array 
@@ -5701,12 +5732,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -5767,21 +5795,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -5795,17 +5822,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -6251,12 +6277,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -6317,21 +6340,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -6345,17 +6367,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -6839,12 +6860,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -6905,21 +6923,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -6933,17 +6950,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load @@ -7492,12 +7508,9 @@ spec: specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. - \n Unless the \"IPv6DualStack\" feature gate is enabled, - this field is limited to one value, which must be the - same as the clusterIP field. If the feature gate is - enabled, this field may hold a maximum of two entries - (dual-stack IPs, in either order). These IPs must correspond - to the values of the ipFamilies field. Both clusterIPs + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: 
@@ -7558,21 +7571,20 @@ spec: type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally + creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" + IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be - wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries (dual-stack + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy 
@@ -7586,17 +7598,16 @@ spec: x-kubernetes-list-type: atomic ipFamilyPolicy: description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated - by the "IPv6DualStack" feature gate. If there is no + requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type - ExternalName. + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. type: string loadBalancerClass: description: loadBalancerClass is the class of the load diff --git a/docs/reference/dependencies.asciidoc b/docs/reference/dependencies.asciidoc index 3b12ea5653d..be92a7981a3 100644 --- a/docs/reference/dependencies.asciidoc +++ b/docs/reference/dependencies.asciidoc 
@@ -25,7 +25,7 @@ This page lists the third-party dependencies used to build {n}.
 | link:https://github.com/elastic/go-ucfg[$$github.com/elastic/go-ucfg$$] | v0.8.4 | Apache-2.0
 | link:https://github.com/fsnotify/fsnotify[$$github.com/fsnotify/fsnotify$$] | v1.5.1 | BSD-3-Clause
 | link:https://github.com/ghodss/yaml[$$github.com/ghodss/yaml$$] | v1.0.0 | MIT
-| link:https://github.com/go-logr/logr[$$github.com/go-logr/logr$$] | v0.4.0 | Apache-2.0
+| link:https://github.com/go-logr/logr[$$github.com/go-logr/logr$$] | v1.2.0 | Apache-2.0
 | link:https://github.com/go-test/deep[$$github.com/go-test/deep$$] | v1.0.8 | MIT
 | link:https://github.com/gobuffalo/flect[$$github.com/gobuffalo/flect$$] | v0.2.4 | MIT
 | link:https://github.com/google/go-cmp[$$github.com/google/go-cmp$$] | v0.5.6 | BSD-3-Clause
@@ -37,7 +37,7 @@ This page lists the third-party dependencies used to build {n}.
 | link:https://github.com/pkg/errors[$$github.com/pkg/errors$$] | v0.9.1 | BSD-2-Clause
 | link:https://github.com/pmezard/go-difflib[$$github.com/pmezard/go-difflib$$] | v1.0.0 | BSD-3-Clause
 | link:https://github.com/prometheus/client_golang[$$github.com/prometheus/client_golang$$] | v1.11.0 | Apache-2.0
-| link:https://github.com/prometheus/common[$$github.com/prometheus/common$$] | v0.26.0 | Apache-2.0
+| link:https://github.com/prometheus/common[$$github.com/prometheus/common$$] | v0.28.0 | Apache-2.0
 | link:https://github.com/sethvargo/go-password[$$github.com/sethvargo/go-password$$] | v0.2.0 | MIT
 | link:https://github.com/spf13/cobra[$$github.com/spf13/cobra$$] | v1.3.0 | Apache-2.0
 | link:https://github.com/spf13/pflag[$$github.com/spf13/pflag$$] | v1.0.5 | BSD-3-Clause
@@ -51,12 +51,12 @@ This page lists the third-party dependencies used to build {n}. | link:https://golang.org/x/crypto[$$golang.org/x/crypto$$] | v0.0.0-20210817164053-32db794688a5 | BSD-3-Clause | link:https://gopkg.in/yaml.v2[$$gopkg.in/yaml.v2$$] | v2.4.0 | Apache-2.0 | link:https://gopkg.in/yaml.v3[$$gopkg.in/yaml.v3$$] | v3.0.0-20210107192922-496545a6307b | MIT -| link:https://github.com/kubernetes/api[$$k8s.io/api$$] | v0.22.4 | Apache-2.0 -| link:https://github.com/kubernetes/apimachinery[$$k8s.io/apimachinery$$] | v0.22.4 | Apache-2.0 -| link:https://github.com/kubernetes/client-go[$$k8s.io/client-go$$] | v0.22.4 | Apache-2.0 -| link:https://github.com/kubernetes/klog[$$k8s.io/klog/v2$$] | v2.10.0 | Apache-2.0 -| link:https://github.com/kubernetes/utils[$$k8s.io/utils$$] | v0.0.0-20210819203725-bdf08cb9a70a | Apache-2.0 -| link:https://sigs.k8s.io/controller-runtime[$$sigs.k8s.io/controller-runtime$$] | v0.10.3 | Apache-2.0 +| link:https://github.com/kubernetes/api[$$k8s.io/api$$] | v0.23.0 | Apache-2.0 +| link:https://github.com/kubernetes/apimachinery[$$k8s.io/apimachinery$$] | v0.23.0 | Apache-2.0 +| link:https://github.com/kubernetes/client-go[$$k8s.io/client-go$$] | v0.23.0 | Apache-2.0 +| link:https://github.com/kubernetes/klog[$$k8s.io/klog/v2$$] | v2.30.0 | Apache-2.0 +| link:https://github.com/kubernetes/utils[$$k8s.io/utils$$] | v0.0.0-20210930125809-cb0fa318a74b | Apache-2.0 +| link:https://sigs.k8s.io/controller-runtime[$$sigs.k8s.io/controller-runtime$$] | v0.11.0 | Apache-2.0 | link:https://sigs.k8s.io/controller-tools[$$sigs.k8s.io/controller-tools$$] | v0.7.0 | Apache-2.0 |=== 
@@ -86,11 +86,11 @@ This page lists the third-party dependencies used to build {n}.
 | link:https://github.com/elastic/go-sysinfo[$$github.com/elastic/go-sysinfo$$] | v1.1.1 | Apache-2.0
 | link:https://github.com/elastic/go-windows[$$github.com/elastic/go-windows$$] | v1.0.0 | Apache-2.0
 | link:https://github.com/elazarl/goproxy[$$github.com/elazarl/goproxy$$] | v0.0.0-20190711103511-473e67f1d7d2 | BSD-3-Clause
-| link:https://github.com/evanphx/json-patch[$$github.com/evanphx/json-patch$$] | v4.11.0+incompatible | BSD-3-Clause
+| link:https://github.com/evanphx/json-patch[$$github.com/evanphx/json-patch$$] | v4.12.0+incompatible | BSD-3-Clause
 | link:https://github.com/fatih/color[$$github.com/fatih/color$$] | v1.13.0 | MIT
 | link:https://github.com/fatih/structs[$$github.com/fatih/structs$$] | v1.1.0 | MIT
 | link:https://github.com/frankban/quicktest[$$github.com/frankban/quicktest$$] | v1.13.0 | MIT
-| link:https://github.com/go-logr/zapr[$$github.com/go-logr/zapr$$] | v0.4.0 | Apache-2.0
+| link:https://github.com/go-logr/zapr[$$github.com/go-logr/zapr$$] | v1.2.0 | Apache-2.0
 | link:https://github.com/gogo/protobuf[$$github.com/gogo/protobuf$$] | v1.3.2 | BSD-3-Clause
 | link:https://github.com/golang/groupcache[$$github.com/golang/groupcache$$] | v0.0.0-20210331224755-41bb18bfe9da | Apache-2.0
 | link:https://github.com/golang/protobuf[$$github.com/golang/protobuf$$] | v1.5.2 | BSD-3-Clause
@@ -139,8 +139,8 @@ This page lists the third-party dependencies used to build {n}.
 | link:https://github.com/niemeyer/pretty[$$github.com/niemeyer/pretty$$] | v0.0.0-20200227124842-a10e7caefd8e | MIT
 | link:https://github.com/nxadm/tail[$$github.com/nxadm/tail$$] | v1.4.8 | MIT
 | link:https://github.com/oklog/run[$$github.com/oklog/run$$] | v1.0.0 | Apache-2.0
-| link:https://github.com/onsi/ginkgo[$$github.com/onsi/ginkgo$$] | v1.16.4 | MIT
-| link:https://github.com/onsi/gomega[$$github.com/onsi/gomega$$] | v1.15.0 | MIT
+| link:https://github.com/onsi/ginkgo[$$github.com/onsi/ginkgo$$] | v1.16.5 | MIT
+| link:https://github.com/onsi/gomega[$$github.com/onsi/gomega$$] | v1.17.0 | MIT
 | link:https://github.com/pascaldekloe/goe[$$github.com/pascaldekloe/goe$$] | v0.1.0 | Public Domain
 | link:https://github.com/pelletier/go-toml[$$github.com/pelletier/go-toml$$] | v1.9.4 | Apache-2.0
 | link:https://github.com/pierrec/lz4[$$github.com/pierrec/lz4$$] | v2.5.2+incompatible | BSD-3-Clause
@@ -158,18 +158,18 @@ This page lists the third-party dependencies used to build {n}. | link:https://go.elastic.co/apm/module/apmhttp[$$go.elastic.co/apm/module/apmhttp$$] | v1.15.0 | Apache-2.0 | link:https://go.elastic.co/fastjson[$$go.elastic.co/fastjson$$] | v1.1.0 | MIT | link:https://go.uber.org/atomic[$$go.uber.org/atomic$$] | v1.9.0 | MIT -| link:https://go.uber.org/goleak[$$go.uber.org/goleak$$] | v1.1.11-0.20210813005559-691160354723 | MIT +| link:https://go.uber.org/goleak[$$go.uber.org/goleak$$] | v1.1.12 | MIT | link:https://go.uber.org/multierr[$$go.uber.org/multierr$$] | v1.6.0 | MIT | link:https://golang.org/x/exp[$$golang.org/x/exp$$] | v0.0.0-20200224162631-6cc2880d07d6 | BSD-3-Clause | link:https://golang.org/x/lint[$$golang.org/x/lint$$] | v0.0.0-20210508222113-6edffad5e616 | BSD-3-Clause | link:https://golang.org/x/mod[$$golang.org/x/mod$$] | v0.5.0 | BSD-3-Clause -| link:https://golang.org/x/net[$$golang.org/x/net$$] | v0.0.0-20210813160813-60bc85c4be6d | BSD-3-Clause +| link:https://golang.org/x/net[$$golang.org/x/net$$] | v0.0.0-20210825183410-e898025ed96a | BSD-3-Clause | link:https://golang.org/x/oauth2[$$golang.org/x/oauth2$$] | v0.0.0-20211104180415-d3ed0bb246c8 | BSD-3-Clause | link:https://golang.org/x/sys[$$golang.org/x/sys$$] | v0.0.0-20211210111614-af8b64212486 | BSD-3-Clause -| link:https://golang.org/x/term[$$golang.org/x/term$$] | v0.0.0-20210220032956-6a3ed077a48d | BSD-3-Clause +| link:https://golang.org/x/term[$$golang.org/x/term$$] | v0.0.0-20210615171337-6886f2dfbf5b | BSD-3-Clause | link:https://golang.org/x/text[$$golang.org/x/text$$] | v0.3.7 | BSD-3-Clause | link:https://golang.org/x/time[$$golang.org/x/time$$] | v0.0.0-20210723032227-1f47c861a9ac | BSD-3-Clause -| link:https://golang.org/x/tools[$$golang.org/x/tools$$] | v0.1.5 | BSD-3-Clause +| link:https://golang.org/x/tools[$$golang.org/x/tools$$] | v0.1.6-0.20210820212750-d4cc65f0b2ff | BSD-3-Clause | link:https://golang.org/x/xerrors[$$golang.org/x/xerrors$$] | 
v0.0.0-20200804184101-5ec99f83aff1 | BSD-3-Clause | link:https://gomodules.xyz/jsonpatch/v2[$$gomodules.xyz/jsonpatch/v2$$] | v2.2.0 | Apache-2.0 | link:https://github.com/gonum/gonum[$$gonum.org/v1/gonum$$] | v0.0.0-20181121035319-3f7ecaa7e8ca | BSD-3-Clause @@ -183,10 +183,11 @@ This page lists the third-party dependencies used to build {n}. | link:https://gopkg.in/square/go-jose.v2[$$gopkg.in/square/go-jose.v2$$] | v2.5.1 | Apache-2.0 | link:https://gopkg.in/tomb.v1[$$gopkg.in/tomb.v1$$] | v1.0.0-20141024135613-dd632973f1e7 | BSD-3-Clause | link:https://gitlab.howett.net/go/plist[$$howett.net/plist$$] | v0.0.0-20181124034731-591f970eefbb | BSD-2-Clause -| link:https://github.com/kubernetes/apiextensions-apiserver[$$k8s.io/apiextensions-apiserver$$] | v0.22.2 | Apache-2.0 -| link:https://github.com/kubernetes/component-base[$$k8s.io/component-base$$] | v0.22.2 | Apache-2.0 -| link:https://github.com/kubernetes/kube-openapi[$$k8s.io/kube-openapi$$] | v0.0.0-20211109043538-20434351676c | Apache-2.0 -| link:https://sigs.k8s.io/structured-merge-diff/v4[$$sigs.k8s.io/structured-merge-diff/v4$$] | v4.1.2 | Apache-2.0 -| link:https://sigs.k8s.io/yaml[$$sigs.k8s.io/yaml$$] | v1.2.0 | MIT +| link:https://github.com/kubernetes/apiextensions-apiserver[$$k8s.io/apiextensions-apiserver$$] | v0.23.0 | Apache-2.0 +| link:https://github.com/kubernetes/component-base[$$k8s.io/component-base$$] | v0.23.0 | Apache-2.0 +| link:https://github.com/kubernetes/kube-openapi[$$k8s.io/kube-openapi$$] | v0.0.0-20211115234752-e816edb12b65 | Apache-2.0 +| link:https://sigs.k8s.io/json[$$sigs.k8s.io/json$$] | v0.0.0-20211020170558-c049b76a60c6 | Apache-2.0 +| link:https://sigs.k8s.io/structured-merge-diff/v4[$$sigs.k8s.io/structured-merge-diff/v4$$] | v4.2.0 | Apache-2.0 +| link:https://sigs.k8s.io/yaml[$$sigs.k8s.io/yaml$$] | v1.3.0 | MIT |=== diff --git a/go.mod b/go.mod index 561774fe130..e7e50555558 100644 --- a/go.mod +++ b/go.mod 
@@ -12,7 +12,7 @@ require ( github.com/elazarl/goproxy v0.0.0-20190711103511-473e67f1d7d2 // indirect github.com/fsnotify/fsnotify v1.5.1 github.com/ghodss/yaml v1.0.0 - github.com/go-logr/logr v0.4.0 + github.com/go-logr/logr v1.2.0 github.com/go-test/deep v1.0.8 github.com/gobuffalo/flect v0.2.4 github.com/google/go-cmp v0.5.6 @@ -26,7 +26,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.11.0 - github.com/prometheus/common v0.26.0 + github.com/prometheus/common v0.28.0 github.com/sethvargo/go-password v0.2.0 github.com/spf13/cobra v1.3.0 github.com/spf13/pflag v1.0.5 @@ -41,12 +41,12 @@ require ( golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b - k8s.io/api v0.22.4 - k8s.io/apimachinery v0.22.4 - k8s.io/client-go v0.22.4 - k8s.io/klog/v2 v2.10.0 - k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a - sigs.k8s.io/controller-runtime v0.10.3 + k8s.io/api v0.23.0 + k8s.io/apimachinery v0.23.0 + k8s.io/client-go v0.23.0 + k8s.io/klog/v2 v2.30.0 + k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b + sigs.k8s.io/controller-runtime v0.11.0 sigs.k8s.io/controller-tools v0.7.0 ) diff --git a/go.sum b/go.sum index 65e69ffaa92..880f720ff67 100644 --- a/go.sum +++ b/go.sum 
@@ -77,6 +77,7 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= @@ -177,8 +178,9 @@ github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPO github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= -github.com/evanphx/json-patch v4.11.0+incompatible h1:glyUF9yIYtMHzn8xaKw5rMhdWcwsYV8dZHIq5567/xs= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= 
@@ -197,6 +199,7 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= +github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 
@@ -213,10 +216,11 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/zapr v0.4.0 h1:uc1uML3hRYL9/ZZPdgHS/n8Nzo+eaYL/Efxkkamf7OM= -github.com/go-logr/zapr v0.4.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= +github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= +github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= 
@@ -238,6 +242,7 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -277,6 +282,8 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= +github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
@@ -325,6 +332,7 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= 
@@ -538,14 +546,15 @@ github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.14.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= -github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= -github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= +github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE= +github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= 
@@ -584,8 +593,9 @@ github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= +github.com/prometheus/common v0.28.0 h1:vGVfV9KrDTvWt5boZO0I19g2E3CsWfpPPKZM9dt3mEw= +github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190425082905-87a4384529e0/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -675,6 +685,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.elastic.co/apm v1.15.0 h1:uPk2g/whK7c7XiZyz/YCUnAUBNPiyNeE3ARX3G6Gx7Q= go.elastic.co/apm v1.15.0/go.mod h1:dylGv2HKR0tiCV+wliJz1KHtDyuD8SPe69oV7VyK6WY= go.elastic.co/apm/module/apmelasticsearch v1.15.0 h1:c5/qg+9AYe1QCGhu7FGqoydY9NNkNzc+iRpJJXRK/WE= 
@@ -721,8 +732,9 @@ go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/automaxprocs v1.4.0 h1:CpDZl6aOlLhReez+8S3eEotD7Jx0Os++lemPlMULQP0= go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.1.11-0.20210813005559-691160354723 h1:sHOAIxRGBp443oHZIPB+HsUGaksVCXVQENPxwTfQdH4= go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= +go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= 
@@ -835,8 +847,11 @@ golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210825183410-e898025ed96a h1:bRuuGXV8wwSdGTB+CtJf+FjgO1APK1CoO39T4BN/XBw= +golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -940,20 +955,23 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211210111614-af8b64212486 h1:5hpz5aRr+W1erYCL5JRhSUBJRph7l9XkNveoExlrKYk= golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod 
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE= +golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1034,8 +1052,9 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff h1:VX/uD7MK0AHXGiScH3fsieUQUcpmRERPDYtqZdJnA+Q= +golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -1122,6 +1141,7 @@ google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 
@@ -1249,42 +1269,54 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= k8s.io/api v0.22.2/go.mod h1:y3ydYpLJAaDI+BbSe2xmGcqxiWHmWjkEeIbiwHvnPR8= -k8s.io/api v0.22.4 h1:UvyHW0ezB2oIgHAxlYoo6UJQObYXU7awuNarwoHEOjw= -k8s.io/api v0.22.4/go.mod h1:Rgs+9gIGYC5laXQSZZ9JqT5NevNgoGiOdVWi1BAB3qk= -k8s.io/apiextensions-apiserver v0.22.2 h1:zK7qI8Ery7j2CaN23UCFaC1hj7dMiI87n01+nKuewd4= +k8s.io/api v0.23.0 h1:WrL1gb73VSC8obi8cuYETJGXEoFNEh3LU0Pt+Sokgro= +k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg= k8s.io/apiextensions-apiserver v0.22.2/go.mod h1:2E0Ve/isxNl7tWLSUDgi6+cmwHi5fQRdwGVCxbC+KFA= +k8s.io/apiextensions-apiserver v0.23.0 h1:uii8BYmHYiT2ZTAJxmvc3X8UhNYMxl2A0z0Xq3Pm+WY= +k8s.io/apiextensions-apiserver v0.23.0/go.mod h1:xIFAEEDlAZgpVBl/1VSjGDmLoXAWRG40+GsWhKhAxY4= k8s.io/apimachinery v0.22.2/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= -k8s.io/apimachinery v0.22.4 h1:9uwcvPpukBw/Ri0EUmWz+49cnFtaoiyEhQTK+xOe7Ck= -k8s.io/apimachinery v0.22.4/go.mod h1:yU6oA6Gnax9RrxGzVvPFFJ+mpnW6PBSqp0sx0I0HHW0= +k8s.io/apimachinery v0.23.0 h1:mIfWRMjBuMdolAWJ3Fd+aPTMv3X9z+waiARMpvvb0HQ= +k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc= k8s.io/apiserver v0.22.2/go.mod h1:vrpMmbyjWrgdyOvZTSpsusQq5iigKNWv9o9KlDAbBHI= +k8s.io/apiserver v0.23.0/go.mod h1:Cec35u/9zAepDPPFyT+UMrgqOCjgJ5qtfVJDxjZYmt4= k8s.io/client-go v0.22.2/go.mod h1:sAlhrkVDf50ZHx6z4K0S40wISNTarf1r800F+RlCF6U= -k8s.io/client-go v0.22.4 h1:aAQ1Wk+I3bjCNk35YWUqbaueqrIonkfDPJSPDDe8Kfg= -k8s.io/client-go v0.22.4/go.mod h1:Yzw4e5e7h1LNHA4uqnMVrpEpUs1hJOiuBsJKIlRCHDA= +k8s.io/client-go v0.23.0 h1:vcsOqyPq7XV3QmQRCBH/t9BICJM9Q1M18qahjv+rebY= +k8s.io/client-go v0.23.0/go.mod h1:hrDnpnK1mSr65lHHcUuIZIXDgEbzc7/683c6hyG4jTA= 
k8s.io/code-generator v0.22.2/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= -k8s.io/component-base v0.22.2 h1:vNIvE0AIrLhjX8drH0BgCNJcR4QZxMXcJzBsDplDx9M= +k8s.io/code-generator v0.23.0/go.mod h1:vQvOhDXhuzqiVfM/YHp+dmg10WDZCchJVObc9MvowsE= k8s.io/component-base v0.22.2/go.mod h1:5Br2QhI9OTe79p+TzPe9JKNQYvEKbq9rTJDWllunGug= +k8s.io/component-base v0.23.0 h1:UAnyzjvVZ2ZR1lF35YwtNY6VMN94WtOnArcXBu34es8= +k8s.io/component-base v0.23.0/go.mod h1:DHH5uiFvLC1edCpvcTDV++NKULdYYU6pR9Tt3HIKMKI= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.10.0 h1:R2HDMDJsHVTHA2n4RjwbeYXdOcBymXdX/JRb1v0VGhE= -k8s.io/klog/v2 v2.10.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= +k8s.io/klog/v2 v2.30.0 h1:bUO6drIvCIsvZ/XFgfxoGFQU/a4Qkh0iAlvUR7vlHJw= +k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c h1:jvamsI1tn9V0S8jicyX82qaFC0H/NKxv2e5mbqsgR80= -k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a h1:8dYfu/Fc9Gz2rNJKB9IQRGgQOh2clmRzNIPPY1xLY5g= +k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4= +k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= +k8s.io/utils 
v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b h1:wxEMGetGMur3J1xuGLQY7GEQYg9bZxKn3tKo5k/eYcs= +k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/controller-runtime v0.10.3 h1:s5Ttmw/B4AuIbwrXD3sfBkXwnPMMWrqpVj4WRt1dano= -sigs.k8s.io/controller-runtime v0.10.3/go.mod h1:CQp8eyUQZ/Q7PJvnIrB6/hgfTC1kBkGylwsLgOQi1WY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.25/go.mod h1:Mlj9PNLmG9bZ6BHFwFKDo5afkpWyUISkb9Me0GnK66I= +sigs.k8s.io/controller-runtime v0.11.0 h1:DqO+c8mywcZLFJWILq4iktoECTyn30Bkj0CwgqMpZWQ= +sigs.k8s.io/controller-runtime v0.11.0/go.mod h1:KKwLiTooNGu+JmLZGn9Sl3Gjmfj66eMbCQznLP5zcqA= sigs.k8s.io/controller-tools v0.7.0 h1:iZIz1vEcavyEfxjcTLs1WH/MPf4vhPCtTKhoHqV8/G0= sigs.k8s.io/controller-tools v0.7.0/go.mod h1:bpBAo0VcSDDLuWt47evLhMLPxRPxMDInTEH/YbdeMK0= +sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 h1:fD1pz4yfdADVNfFmcP2aBEtudwUQ1AlLnRBALr33v3s= +sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.1.2 h1:Hr/htKFmJEbtMgS/UD0N+gtgctAqz81t3nu+sPzynno= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= 
+sigs.k8s.io/structured-merge-diff/v4 v4.2.0 h1:kDvPBbnPk+qYmkHmSo8vKGp438IASWofnbbUKDE/bv0= +sigs.k8s.io/structured-merge-diff/v4 v4.2.0/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/pkg/controller/apmserver/deployment_test.go b/pkg/controller/apmserver/deployment_test.go index 01fbecb63bc..8891c0e88ac 100644 --- a/pkg/controller/apmserver/deployment_test.go +++ b/pkg/controller/apmserver/deployment_test.go @@ -174,7 +174,7 @@ func expectedDeploymentParams() testParams { PeriodSeconds: 10, SuccessThreshold: 1, TimeoutSeconds: 5, - Handler: corev1.Handler{ + ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Port: intstr.FromInt(8200), Path: "/", diff --git a/pkg/controller/apmserver/pod.go b/pkg/controller/apmserver/pod.go index 489a4d59a7b..24dea0abe25 100644 --- a/pkg/controller/apmserver/pod.go +++ b/pkg/controller/apmserver/pod.go @@ -53,7 +53,7 @@ func readinessProbe(tls bool) corev1.Probe { PeriodSeconds: 10, SuccessThreshold: 1, TimeoutSeconds: 5, - Handler: corev1.Handler{ + ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Port: intstr.FromInt(HTTPPort), Path: "/", diff --git a/pkg/controller/beat/common/config_test.go b/pkg/controller/beat/common/config_test.go index fe867f1cd1e..a626f255117 100644 --- a/pkg/controller/beat/common/config_test.go +++ b/pkg/controller/beat/common/config_test.go @@ -13,7 +13,6 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" - "sigs.k8s.io/controller-runtime/pkg/log" beatv1beta1 "github.com/elastic/cloud-on-k8s/pkg/apis/beat/v1beta1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" 
@@ -175,7 +174,7 @@ func Test_buildBeatConfig(t *testing.T) {
 gotYaml, gotErr := buildBeatConfig(DriverParams{
 Client: tt.client,
 Context: nil,
- Logger: logr.DiscardLogger{},
+ Logger: logr.Discard(),
 Watches: watches.NewDynamicWatches(),
 EventRecorder: nil,
 Beat: tt.beat,
@@ -369,7 +368,7 @@ func Test_getUserConfig(t *testing.T) {
 t.Run(tt.name, func(t *testing.T) {
 params := DriverParams{
 Context: context.Background(),
- Logger: log.NullLogger{},
+ Logger: logr.Discard(),
 Client: tt.client,
 EventRecorder: &record.FakeRecorder{},
 Watches: watches.NewDynamicWatches(),
diff --git a/pkg/controller/common/container/defaulter.go b/pkg/controller/common/container/defaulter.go
index 4c3010e0d2f..c007b0be79e 100644
--- a/pkg/controller/common/container/defaulter.go
+++ b/pkg/controller/common/container/defaulter.go
@@ -155,7 +155,7 @@ func (d Defaulter) WithVolumeMounts(volumeMounts []corev1.VolumeMount) Defaulter
 return d
 }
 
-func (d Defaulter) WithPreStopHook(handler *corev1.Handler) Defaulter {
+func (d Defaulter) WithPreStopHook(handler *corev1.LifecycleHandler) Defaulter {
 if d.base.Lifecycle == nil {
 d.base.Lifecycle = &corev1.Lifecycle{}
 }
diff --git a/pkg/controller/common/defaults/pod_template.go b/pkg/controller/common/defaults/pod_template.go
index 89c89a1d25e..8de12e76f11 100644
--- a/pkg/controller/common/defaults/pod_template.go
+++ b/pkg/controller/common/defaults/pod_template.go
@@ -307,7 +307,7 @@ func (b *PodTemplateBuilder) WithResources(resources corev1.ResourceRequirements
 return b
 }
 
-func (b *PodTemplateBuilder) WithPreStopHook(handler corev1.Handler) *PodTemplateBuilder {
+func (b *PodTemplateBuilder) WithPreStopHook(handler corev1.LifecycleHandler) *PodTemplateBuilder {
 b.containerDefaulter.WithPreStopHook(&handler)
 return b
 }
diff --git a/pkg/controller/common/defaults/pod_template_test.go b/pkg/controller/common/defaults/pod_template_test.go
index f460980aecc..0747cfabd2d 100644
--- a/pkg/controller/common/defaults/pod_template_test.go
+++ b/pkg/controller/common/defaults/pod_template_test.go
@@ -216,14 +216,14 @@ func TestPodTemplateBuilder_WithReadinessProbe(t *testing.T) {
 name: "no readiness probe in pod template: use default one",
 PodTemplate: corev1.PodTemplateSpec{},
 readinessProbe: corev1.Probe{
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 HTTPGet: &corev1.HTTPGetAction{
 Path: "/probe",
 },
 },
 },
 want: &corev1.Probe{
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 HTTPGet: &corev1.HTTPGetAction{
 Path: "/probe",
 },
@@ -238,7 +238,7 @@ func TestPodTemplateBuilder_WithReadinessProbe(t *testing.T) {
 {
 Name: containerName,
 ReadinessProbe: &corev1.Probe{
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 HTTPGet: &corev1.HTTPGetAction{
 Path: "/user-provided",
 },
@@ -249,14 +249,14 @@ func TestPodTemplateBuilder_WithReadinessProbe(t *testing.T) {
 },
 },
 readinessProbe: corev1.Probe{
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 HTTPGet: &corev1.HTTPGetAction{
 Path: "/probe",
 },
 },
 },
 want: &corev1.Probe{
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 HTTPGet: &corev1.HTTPGetAction{
 Path: "/user-provided",
 },
@@ -1102,14 +1102,14 @@ func TestPodTemplateBuilder_WithDefaultResources(t *testing.T) {
 
 func TestPodTemplateBuilder_WithPreStopHook(t *testing.T) {
 containerName := "mycontainer"
- defaultHook := corev1.Handler{Exec: &corev1.ExecAction{Command: []string{"default", "command"}}}
- userHook := &corev1.Handler{}
+ defaultHook := corev1.LifecycleHandler{Exec: &corev1.ExecAction{Command: []string{"default", "command"}}}
+ userHook := &corev1.LifecycleHandler{}
 tests := []struct {
 name string
 podTemplate corev1.PodTemplateSpec
- preStopHook corev1.Handler
- wantPreStop corev1.Handler
- wantPostStart *corev1.Handler
+ preStopHook corev1.LifecycleHandler
+ wantPreStop corev1.LifecycleHandler
+ wantPostStart *corev1.LifecycleHandler
 }{
 {
 name: "no pre stop hook in pod template: use default one",
@@ -1160,7 +1160,7 @@ func TestPodTemplateBuilder_WithPreStopHook(t *testing.T) {
 {
 Name: containerName,
 Lifecycle: &corev1.Lifecycle{
- PostStart: &corev1.Handler{},
+ PostStart: &corev1.LifecycleHandler{},
 PreStop: userHook,
 },
 },
diff --git a/pkg/controller/elasticsearch/nodespec/lifecycle_hook.go b/pkg/controller/elasticsearch/nodespec/lifecycle_hook.go
index efb8068fac8..dcc4ea1b5ce 100644
--- a/pkg/controller/elasticsearch/nodespec/lifecycle_hook.go
+++ b/pkg/controller/elasticsearch/nodespec/lifecycle_hook.go
@@ -12,8 +12,8 @@ import (
 "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/volume"
 )
 
-func NewPreStopHook() *v1.Handler {
- return &v1.Handler{
+func NewPreStopHook() *v1.LifecycleHandler {
+ return &v1.LifecycleHandler{
 Exec: &v1.ExecAction{
 Command: []string{"bash", "-c", path.Join(volume.ScriptsVolumeMountPath, PreStopHookScriptConfigKey)}},
 }
diff --git a/pkg/controller/elasticsearch/nodespec/readiness_probe.go b/pkg/controller/elasticsearch/nodespec/readiness_probe.go
index 6081a19ac9f..abddba152e7 100644
--- a/pkg/controller/elasticsearch/nodespec/readiness_probe.go
+++ b/pkg/controller/elasticsearch/nodespec/readiness_probe.go
@@ -21,7 +21,7 @@ func NewReadinessProbe() *corev1.Probe {
 PeriodSeconds: 5,
 SuccessThreshold: 1,
 TimeoutSeconds: 5,
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 Exec: &corev1.ExecAction{
 Command: []string{"bash", "-c", path.Join(volume.ScriptsVolumeMountPath, ReadinessProbeScriptConfigKey)},
 },
diff --git a/pkg/controller/enterprisesearch/pod.go b/pkg/controller/enterprisesearch/pod.go
index ec6d15eda3c..06787335589 100644
--- a/pkg/controller/enterprisesearch/pod.go
+++ b/pkg/controller/enterprisesearch/pod.go
@@ -44,7 +44,7 @@ var (
 PeriodSeconds: 10,
 SuccessThreshold: 1,
 TimeoutSeconds: 5,
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 Exec: &corev1.ExecAction{
 Command: []string{"bash", path.Join(ReadinessProbeMountPath)},
 },
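Review bot: `NewPreStopHook` in pkg/controller/elasticsearch/nodespec/lifecycle_hook.go is exported but has no doc comment, since the hunk shows only a blank line above its signature. The retyped signature is a good moment to add one. The handler runs, through `bash -c`, a path joined from `volume.ScriptsVolumeMountPath` and `PreStopHookScriptConfigKey` rather than from any argument, and the comment can say so for readers auditing what executes at pod shutdown: `// NewPreStopHook returns the pre-stop lifecycle handler, which runs the pre-stop script from the scripts volume mount via bash.` The function's closing brace lies outside the hunk.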
diff --git a/pkg/controller/kibana/driver_test.go b/pkg/controller/kibana/driver_test.go
index 92626c8349f..1e371e80ed9 100644
--- a/pkg/controller/kibana/driver_test.go
+++ b/pkg/controller/kibana/driver_test.go
@@ -241,7 +241,7 @@ func TestDriverDeploymentParams(t *testing.T) {
 params.PodTemplateSpec.Spec.Volumes = params.PodTemplateSpec.Spec.Volumes[1:]
 params.PodTemplateSpec.Spec.InitContainers[0].VolumeMounts = params.PodTemplateSpec.Spec.InitContainers[0].VolumeMounts[1:]
 params.PodTemplateSpec.Spec.Containers[0].VolumeMounts = params.PodTemplateSpec.Spec.Containers[0].VolumeMounts[1:]
- params.PodTemplateSpec.Spec.Containers[0].ReadinessProbe.Handler.HTTPGet.Scheme = corev1.URISchemeHTTP
+ params.PodTemplateSpec.Spec.Containers[0].ReadinessProbe.ProbeHandler.HTTPGet.Scheme = corev1.URISchemeHTTP
 params.PodTemplateSpec.Spec.Containers[0].Ports[0].Name = "http"
 return params
 }(),
@@ -571,7 +571,7 @@ func expectedDeploymentParams() deployment.Params {
 PeriodSeconds: 10,
 SuccessThreshold: 1,
 TimeoutSeconds: 5,
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 HTTPGet: &corev1.HTTPGetAction{
 Port: intstr.FromInt(5601),
 Path: "/login",
diff --git a/pkg/controller/kibana/pod.go b/pkg/controller/kibana/pod.go
index 13cdb5ee4d9..544504f217c 100644
--- a/pkg/controller/kibana/pod.go
+++ b/pkg/controller/kibana/pod.go
@@ -60,7 +60,7 @@ func readinessProbe(useTLS bool) corev1.Probe {
 PeriodSeconds: 10,
 SuccessThreshold: 1,
 TimeoutSeconds: 5,
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 HTTPGet: &corev1.HTTPGetAction{
 Port: intstr.FromInt(network.HTTPPort),
 Path: "/login",
diff --git a/pkg/controller/maps/pod.go b/pkg/controller/maps/pod.go
index 2cec130cc3a..2155629763a 100644
--- a/pkg/controller/maps/pod.go
+++ b/pkg/controller/maps/pod.go
@@ -46,7 +46,7 @@ func readinessProbe(useTLS bool) corev1.Probe {
 PeriodSeconds: 10,
 SuccessThreshold: 1,
 TimeoutSeconds: 5,
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
 HTTPGet: &corev1.HTTPGetAction{
 Port: intstr.FromInt(HTTPPort),
 Path: "/status",